Windows Analysis Report
kjDPynh9vQ.exe

Overview

General Information

Sample name: kjDPynh9vQ.exe (renamed because original name is a hash value)
Original sample name: a94e88b82d8b95386186b27736dff926.exe
Analysis ID: 1576611
MD5: a94e88b82d8b95386186b27736dff926
SHA1: 1c3e3a04d8d2f43867f4441ea230f5893cd14d76
SHA256: a9d9260b88c2a2f7543c9d9d61366685b2595517fbeb64cc7129898213d56b8e
Tags: exe, user-abuse_ch
Infos:

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • kjDPynh9vQ.exe (PID: 5904 cmdline: "C:\Users\user\Desktop\kjDPynh9vQ.exe" MD5: A94E88B82D8B95386186B27736DFF926)
    • taskkill.exe (PID: 416 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3776 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3924 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2132 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2432 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 5360 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 2548 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6556 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2896 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2216 -prefMapHandle 2208 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a18538d7-1446-4a41-8df2-073c12ed6759} 6556 "\\.\pipe\gecko-crash-server-pipe.6556" 28911670f10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 3248 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -parentBuildID 20230927232528 -prefsHandle 2932 -prefMapHandle 3068 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {279f734c-85f2-42c5-af02-fff71848b197} 6556 "\\.\pipe\gecko-crash-server-pipe.6556" 28921d2d810 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7736 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4432 -prefMapHandle 5232 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6c238e2-98a7-43a7-b744-6ad126dfa70c} 6556 "\\.\pipe\gecko-crash-server-pipe.6556" 2891166e110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: kjDPynh9vQ.exe PID: 5904 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: kjDPynh9vQ.exe | Avira: detected
    Source: kjDPynh9vQ.exe | Virustotal: Detection: 31%
    Source: kjDPynh9vQ.exe | ReversingLabs: Detection: 36%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.1% probability
    Source: kjDPynh9vQ.exe | Joe Sandbox ML: detected
    Source: kjDPynh9vQ.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49727 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:49730 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49759 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49793 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49794 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49815 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49816 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.6:49818 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49823 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49824 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49825 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49827 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49897 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49899 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49902 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49900 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49898 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49901 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49907 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49908 version: TLS 1.2
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.2411924238.00000289212C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413130871.00000289212C2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412710293.00000289212C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413741617.00000289212C2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411553459.00000289212C0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: ktmw32.pdbGCTL source: firefox.exe, 0000000E.00000003.2411924238.00000289212C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413130871.00000289212C2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412710293.00000289212C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413741617.00000289212C2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411553459.00000289212C0000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_005ADBBE
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_0057C2A2 FindFirstFileExW,0_2_0057C2A2
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005B68EE FindFirstFileW,FindClose,0_2_005B68EE
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_005B698F
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_005AD076
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_005AD3A9
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_005B9642
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_005B979D
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_005B9B2B
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_005B5C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 204MB
    Source: unknown | Network traffic detected: DNS query count 32
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | IP Address: 151.101.193.91
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe | Code function: 0_2_005BCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_005BCE44
    Source: global traffic | HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2368203063.000002892A9AF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2233575079.0000028929E66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2378010572.0000028929E66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2233575079.0000028929E66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2378010572.0000028929E66000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000002.3994219275.000001AE40903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF970C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000002.3994219275.000001AE40903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF970C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000012.00000002.3994219275.000001AE40903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF970C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000014.00000002.3993751642.000001DEF970C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/h equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000014.00000002.3993751642.000001DEF970C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/h equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000014.00000002.3993751642.000001DEF970C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/h equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2368203063.000002892A9AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2377354798.000002892A4D4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2383156863.000002892B3E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389891439.000002892B3E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2367437859.000002892B3E3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2383156863.000002892B3E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389891439.000002892B3E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2367437859.000002892B3E3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2232963158.000002892BF2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2393446312.000002892BFFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234846059.0000028925356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389333039.000002892BF35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE40912000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF9713000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.2383405320.000002892A84A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2376326824.000002892A84A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000E.00000003.2232963158.000002892BF2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2393446312.000002892BFFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234846059.0000028925356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389333039.000002892BF35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE40912000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF9713000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE409C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF97C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 0000000E.00000003.2387901404.00000289250B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392955405.00000289250BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234846059.0000028925356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE409C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF97C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE4092F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF9730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 0000000E.00000003.2387901404.00000289250B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392955405.00000289250BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE409C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF97C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000E.00000003.2234846059.0000028925356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000E.00000003.2400310677.0000028929B48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 0000000E.00000003.2387901404.00000289250B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392955405.00000289250BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE409C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF97C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000E.00000003.2234846059.0000028925356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000E.00000003.2234846059.0000028925356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000E.00000003.2234846059.0000028925356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000E.00000003.2185834311.0000028921731000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2184966307.0000028921500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2185248031.000002892170F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000E.00000003.2234846059.0000028925356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000E.00000003.2321754147.00000289229B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2343436799.00000289229B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304318022.00000289229AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2383156863.000002892B331000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2367437859.000002892B331000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351058361.00000289229C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341588909.00000289229AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000E.00000003.2389820816.000002892B83D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 0000000E.00000003.2367901557.000002892B0C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 0000000E.00000003.2389820816.000002892B83D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 0000000E.00000003.2389820816.000002892B83D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 0000000E.00000003.2389820816.000002892B83D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 0000000E.00000003.2389820816.000002892B83D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: firefox.exe, 0000000E.00000003.2400264735.0000028929B6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.14.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000E.00000003.2366604298.000002892B8B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2381289257.0000028929768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE409BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF97F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000E.00000003.2389513573.000002892B88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/9d067ff2-02df-48a8-89a8-8fcbf
    Source: firefox.exe, 0000000E.00000003.2234846059.0000028925356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2378010572.0000028929E74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2233459678.0000028929E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000E.00000003.2226832950.0000028922B79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2234979407.0000028922B5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
    Source: firefox.exe, 0000000E.00000003.2428671801.000002892A943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244158929.000002892A954000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310674452.000002892A943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243109428.000002892A954000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243551202.000002892A954000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2337262983.000002892A943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244718716.000002892A954000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.li
    Source: firefox.exe, 00000012.00000002.3994219275.000001AE40986000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF978F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 0000000E.00000003.2386560821.000002892A478000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000E.00000003.2410704351.00000289212C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000E.00000003.2366604298.000002892B89D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2392731865.000002892535E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 0000000E.00000003.2378010572.0000028929EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2395561251.0000028929EA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000010.00000002.3993345251.00000185474C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE409C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF97F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000E.00000003.2234846059.00000289253AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.00000289253AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000E.00000003.2234846059.00000289253AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.00000289253AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000E.00000003.2377354798.000002892A4D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 00000010.00000002.3993345251.00000185474E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE409E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3997155184.000001DEF9903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
    Source: firefox.exe, 0000000E.00000003.2234846059.00000289253AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.00000289253AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 00000014.00000002.3993751642.000001DEF970C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000E.00000003.2405245064.0000028923CAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000E.00000003.2394045759.000002892BF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.00000289253AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.14.dr String found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000012.00000002.3993510781.000001AE408E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://ac
    Source: firefox.exe, 0000000E.00000003.2396323882.0000028929E34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2394045759.000002892BF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3996884791.0000018547504000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3992295098.000001854718A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3992249360.000001AE4067A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3992249360.000001AE40670000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3993510781.000001AE408E4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3991866392.000001DEF9354000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3992174707.000001DEF939A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000C.00000002.2166938549.000002BA12F60000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2178541182.000001BE7C95F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000010.00000002.3992295098.0000018547180000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdF
    Source: firefox.exe, 00000010.00000002.3996884791.0000018547504000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3992295098.0000018547180000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3992249360.000001AE40670000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3993510781.000001AE408E4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3992174707.000001DEF9390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3991866392.000001DEF9354000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 00000010.00000002.3992295098.000001854718A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdR
    Source: firefox.exe, 00000014.00000002.3992174707.000001DEF939A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdm
    Source: firefox.exe, 00000014.00000002.3992174707.000001DEF9390000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdy
    Source: firefox.exe, 00000014.00000002.3991866392.000001DEF9350000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://acp
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005BEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_005BEAFF
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005BED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_005BED6A
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005AAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_005AAA57
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005D9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_005D9576

    System Summary

    Source: kjDPynh9vQ.exe String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: kjDPynh9vQ.exe, 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.memstr_515c4619-c
    Source: kjDPynh9vQ.exe, 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_95b72e1d-0
    Source: kjDPynh9vQ.exe String found in binary or memory: This is a third-party compiled AutoIt script.memstr_ce093d81-4
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001AE408D5C77 NtQuerySystemInformation,18_2_000001AE408D5C77
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001AE40E9B332 NtQuerySystemInformation,18_2_000001AE40E9B332
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005AD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_005AD5EB
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_005A1201
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005AE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_005AE8F6
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: String function: 00549CB3 appears 31 times
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: String function: 00560A30 appears 46 times
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: String function: 0055F9F2 appears 40 times
    Source: kjDPynh9vQ.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine Classification label: mal80.troj.evad.winEXE@34/38@70/13
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005B37B5 GetLastError,FormatMessageW,0_2_005B37B5
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005A10BF AdjustTokenPrivileges,CloseHandle,0_2_005A10BF
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005A16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_005A16C3
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005B51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_005B51CD
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005AD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_005AD4DC
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005B648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_005B648E
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Code function: 0_2_005442A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_005442A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2136:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1832:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6220:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4924:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5912:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: kjDPynh9vQ.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2389784204.000002892B84B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.2389784204.000002892B84B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.2389784204.000002892B84B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.2389784204.000002892B84B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.2389784204.000002892B84B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.2389784204.000002892B84B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.2389784204.000002892B84B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.2389784204.000002892B84B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.2389784204.000002892B84B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: kjDPynh9vQ.exe Virustotal: Detection: 31%
    Source: kjDPynh9vQ.exe ReversingLabs: Detection: 36%
    Source: unknown Process created: C:\Users\user\Desktop\kjDPynh9vQ.exe "C:\Users\user\Desktop\kjDPynh9vQ.exe"
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2216 -prefMapHandle 2208 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a18538d7-1446-4a41-8df2-073c12ed6759} 6556 "\\.\pipe\gecko-crash-server-pipe.6556" 28911670f10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -parentBuildID 20230927232528 -prefsHandle 2932 -prefMapHandle 3068 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {279f734c-85f2-42c5-af02-fff71848b197} 6556 "\\.\pipe\gecko-crash-server-pipe.6556" 28921d2d810 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4432 -prefMapHandle 5232 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6c238e2-98a7-43a7-b744-6ad126dfa70c} 6556 "\\.\pipe\gecko-crash-server-pipe.6556" 2891166e110 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: wsock32.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: version.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: winmm.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: mpr.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: wininet.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: userenv.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: wldp.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: napinsp.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: wshbth.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: mswsock.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: winrnr.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: sspicli.dll
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSection loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: kjDPynh9vQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: kjDPynh9vQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: kjDPynh9vQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: kjDPynh9vQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: kjDPynh9vQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: kjDPynh9vQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.2411924238.00000289212C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413130871.00000289212C2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412710293.00000289212C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413741617.00000289212C2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411553459.00000289212C0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: ktmw32.pdbGCTL source: firefox.exe, 0000000E.00000003.2411924238.00000289212C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413130871.00000289212C2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412710293.00000289212C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413741617.00000289212C2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411553459.00000289212C0000.00000004.00000020.00020000.00000000.sdmp
    Source: kjDPynh9vQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: kjDPynh9vQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: kjDPynh9vQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: kjDPynh9vQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: kjDPynh9vQ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_005442DE
    Source: gmpopenh264.dll.tmp.14.drStatic PE information: section name: .rodata
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_00560A76 push ecx; ret 0_2_00560A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_0055F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0055F98E
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005D1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_005D1C41
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-95213
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000001AE408D5C77 rdtsc 18_2_000001AE408D5C77
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeAPI coverage: 3.8 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_005ADBBE
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_0057C2A2 FindFirstFileExW,0_2_0057C2A2
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005B68EE FindFirstFileW,FindClose,0_2_005B68EE
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_005B698F
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_005AD076
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_005AD3A9
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_005B9642
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_005B979D
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_005B9B2B
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_005B5C97
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_005442DE
    Source: kjDPynh9vQ.exe, 00000000.00000003.2129934771.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, kjDPynh9vQ.exe, 00000000.00000003.2129333345.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, kjDPynh9vQ.exe, 00000000.00000003.2131152449.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, kjDPynh9vQ.exe, 00000000.00000003.2130162639.00000000010B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V
    Source: firefox.exe, 00000010.00000002.3998768069.0000018547700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
    Source: kjDPynh9vQ.exe, 00000000.00000003.2129333345.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3998768069.0000018547700000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3992295098.000001854718A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3992249360.000001AE4067A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3997549437.000001AE40D90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3996924677.000001DEF9800000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3992174707.000001DEF939A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3998001038.0000018547619000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000010.00000002.3998768069.0000018547700000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3997549437.000001AE40D90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: firefox.exe, 00000010.00000002.3998768069.0000018547700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW#
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000001AE408D5C77 rdtsc 18_2_000001AE408D5C77
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005BEAA2 BlockInput,0_2_005BEAA2
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_00572622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00572622
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_005442DE
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_00564CE8 mov eax, dword ptr fs:[00000030h]0_2_00564CE8
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_005A0B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_00572622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00572622
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_0056083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0056083F
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005609D5 SetUnhandledExceptionFilter,0_2_005609D5
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_00560C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00560C21
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_005A1201
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_00582BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00582BA5
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005AB226 SendInput,keybd_event,0_2_005AB226
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005C22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_005C22DA
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_005A0B62
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005A1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_005A1663
    Source: kjDPynh9vQ.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: kjDPynh9vQ.exeBinary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000E.00000003.2412471979.0000028925A01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_00560698 cpuid 0_2_00560698
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_0059D21C GetLocalTime,0_2_0059D21C
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_0059D27A GetUserNameW,0_2_0059D27A
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_0057B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0057B952
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_005442DE

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: kjDPynh9vQ.exe PID: 5904, type: MEMORYSTR
    Source: kjDPynh9vQ.exeBinary or memory string: WIN_81
    Source: kjDPynh9vQ.exeBinary or memory string: WIN_XP
    Source: kjDPynh9vQ.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: kjDPynh9vQ.exeBinary or memory string: WIN_XPe
    Source: kjDPynh9vQ.exeBinary or memory string: WIN_VISTA
    Source: kjDPynh9vQ.exeBinary or memory string: WIN_7
    Source: kjDPynh9vQ.exeBinary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: kjDPynh9vQ.exe PID: 5904, type: MEMORYSTR
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005C1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_005C1204
    Source: C:\Users\user\Desktop\kjDPynh9vQ.exeCode function: 0_2_005C1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_005C1806
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
    [Behavior graph: ID 1576611, Sample: kjDPynh9vQ.exe, Startdate: 17/12/2024, Architecture: WINDOWS, Score: 80]

    Source | Detection | Scanner | Label
    kjDPynh9vQ.exe | 32% | Virustotal |
    kjDPynh9vQ.exe | 37% | ReversingLabs | Win32.Ransomware.Generic
    kjDPynh9vQ.exe | 100% | Avira | TR/ATRAPS.Gen
    kjDPynh9vQ.exe | 100% | Joe Sandbox ML |
    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label
    https://login.li | 0% | Avira URL Cloud | safe
                                                                                                      high
                                                                                                      https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://youtube.com/firefox.exe, 0000000E.00000003.2394045759.000002892BF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.00000289253AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://content-signature-2.cdn.mozilla.net/firefox.exe, 0000000E.00000003.2399026200.0000028929D6B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://youtube.com/account?=https://acfirefox.exe, 00000012.00000002.3993510781.000001AE408E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000E.00000003.2367437859.000002892B3E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://login.lifirefox.exe, 0000000E.00000003.2428671801.000002892A943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244158929.000002892A954000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310674452.000002892A943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243109428.000002892A954000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243551202.000002892A954000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2337262983.000002892A943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244718716.000002892A954000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.14.drfalse
                                                                                                                        high
                                                                                                                        https://www.amazon.com/firefox.exe, 0000000E.00000003.2232963158.000002892BF2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2233575079.0000028929E66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234846059.00000289253AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2378010572.0000028929E66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.00000289253AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.youtube.com/firefox.exe, 00000014.00000002.3993751642.000001DEF970C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000E.00000003.2349122019.0000028923E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.2396323882.0000028929E3D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.2234846059.00000289253AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.00000289253AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2383156863.000002892B3E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389891439.000002892B3E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2367437859.000002892B3E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000E.00000003.2400156812.0000028929B8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE409C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF97C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://127.0.0.1:firefox.exe, 0000000E.00000003.2402373179.0000028924239000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2426380781.0000028922FCB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://bugzilla.mofirefox.exe, 0000000E.00000003.2389642507.000002892B872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://mitmdetection.services.mozilla.com/firefox.exe, 0000000E.00000003.2386560821.000002892A478000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.2399610026.0000028929BF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3994219275.000001AE40912000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3993751642.000001DEF9713000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.iqiyi.com/firefox.exe, 0000000E.00000003.2234846059.00000289253AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392731865.00000289253AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.14.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.2361182360.0000028922F0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341818892.0000028921BB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2405245064.0000028923CEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2345306096.0000028921BDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2187644122.0000028921738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341818892.0000028921BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2426380781.0000028922FCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198380829.0000028921BA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406376444.0000028922FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351565037.00000289252CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2325331301.0000028922FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429153546.000002892A937000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2438850918.0000028922F22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2355560160.000002892AC3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2441495438.0000028929A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368203063.000002892A97A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2328124570.000002892A985000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2254851077.00000289252BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2441074741.000002892ACB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2356605545.0000028921BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315082446.0000028921B6A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://blocked.cdn.mozilla.net/firefox.exe, 00000010.00000002.3997733967.0000018547570000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3992536240.000001AE406B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3993050504.000001DEF94E0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
216.137.52.83 | mitmdetection.services.mozilla.com | United States | 8014 | BATELNETBS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
                                                                                                                                                                                                                                                                          35.244.181.201
                                                                                                                                                                                                                                                                          prod.balrog.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          34.117.188.166
                                                                                                                                                                                                                                                                          contile.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                          139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                                                                                          151.101.193.91
                                                                                                                                                                                                                                                                          services.addons.mozilla.orgUnited States
                                                                                                                                                                                                                                                                          54113FASTLYUSfalse
                                                                                                                                                                                                                                                                          35.201.103.21
                                                                                                                                                                                                                                                                          normandy-cdn.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          35.190.72.216
                                                                                                                                                                                                                                                                          prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          142.250.181.78
                                                                                                                                                                                                                                                                          youtube.comUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          34.160.144.191
                                                                                                                                                                                                                                                                          prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                          2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                          34.120.208.123
                                                                                                                                                                                                                                                                          telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576611
Start date and time: 2024-12-17 10:27:17 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: kjDPynh9vQ.exe
renamed because original name is a hash value
Original Sample Name: a94e88b82d8b95386186b27736dff926.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/38@70/13
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 49
• Number of non-executed functions: 290
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.40.120.141, 44.228.225.150, 35.85.93.176, 172.217.17.46, 23.53.40.162, 23.53.40.129, 88.221.134.155, 88.221.134.209, 142.250.181.138, 13.107.246.63, 23.218.208.109, 4.245.163.56
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                            mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                  1734347766284d20dc9a2ac535c59f41881efe888891552ad79abf01710e07a6dadfae2b13366.dat-decoded.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                  1734347766284d20dc9a2ac535c59f41881efe888891552ad79abf01710e07a6dadfae2b13366.dat-decoded.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                  BATELNETBShttps://cavotec-au.sharefile.com/public/share/web-1271a93971714a91Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                  • 216.137.52.123
                                                                                                                                                                                                                                                                                                                                  rebirth.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                  • 206.56.67.229
                                                                                                                                                                                                                                                                                                                                  https://t.ly/me-ZSGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 216.137.52.25
                                                                                                                                                                                                                                                                                                                                  https://cbthz04.na1.hs-sales-engage.com/Ctc/WX+23284/cbtHZ04/JlY2-6qcW95jsWP6lZ3mVW5xSkdC387hZlVGwpQc3P-q7wW4XgB4f44hCn1W3xYp5D6c1ttLW5FlJm432C9CFN1DvHyz7sRM3W1xbpQP3rjw57VdgQ8b5y5ncrN49hcz4pvY25W96rvby79_LjyW2hcbt-9lVY_PW61b5ZB17S04cW1Q1Z0m1qr_XnW4-Nvh_3JShBfW6ZlQ2B7-rTd7W5m54Pt4FXHVhN8f7LcVPRggDW6t0wZX12kCc8W8SWxd-65BfMKN89z7Dpr6bFRW62hqfp7800yqW6mjxRN41FPzSV9Cmrg5cL__SW36PjDN1zwkS6W21jP9H8v9kL6W995dJp10hcCRVsGjCC5n0FZjN7sg51mKQ1rDW15tQ1c3HKBShW818lp-6tdDqnf2cjw2s04Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 216.137.52.11
                                                                                                                                                                                                                                                                                                                                  https://app.droplet.io/form/Ko1loyGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 216.137.52.108
                                                                                                                                                                                                                                                                                                                                  https://wetransfer.com/downloads/a83584fea59b11ef1e94d36869e8790020241209234540/89744b9472f9ce1b5e3b4ada79f2184c20241209234540/7041ff?t_exp=1734047140&t_lsid=42d44d78-6d8f-48db-8db5-5efa0c86786d&t_network=email&t_rid=ZW1haWx8Njc0ZjQ5YTNiNjM1NTFjNmY2NTg0N2Zj&t_s=download_link&t_ts=1733787940&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 216.137.52.33
                                                                                                                                                                                                                                                                                                                                  https://t.ly/8cSDxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 216.137.52.40
                                                                                                                                                                                                                                                                                                                                  https://app.droplet.io/form/yEoAzKGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 216.137.52.108
                                                                                                                                                                                                                                                                                                                                  https://app.droplet.io/form/yEoAzKGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 216.137.52.52
                                                                                                                                                                                                                                                                                                                                  mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 206.56.169.126
                                                                                                                                                                                                                                                                                                                                  FASTLYUSgreatnicefeatureswithsupercodebnaturalthingsinlineforgiven.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.137
                                                                                                                                                                                                                                                                                                                                  https://quarantine-emails13122024bcpe038qua8303rantine0832411.s3.eu-central-3.ionoscloud.com/message.html#anneke.hanekom@mmiholdings.co.zaGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.130.137
                                                                                                                                                                                                                                                                                                                                  DHL.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                  • 185.199.110.153
                                                                                                                                                                                                                                                                                                                                  https://essind.freshdesk.com/en/support/solutions/articles/157000010576-pedido-553268637Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                  seethebestmethodwithgreatnessgoodnewsgreatdaygivenme.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.1.137
                                                                                                                                                                                                                                                                                                                                  sweetnesswithgreatnessiwthbestthingswithmebackickmegreatthings.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.137
                                                                                                                                                                                                                                                                                                                                  createdbetterthingswithgreatnressgivenmebackwithnice.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.1.137
                                                                                                                                                                                                                                                                                                                                  ORDER-24171200967.XLS..jsGet hashmaliciousWSHRat, Caesium Obfuscator, STRRATBrowse
                                                                                                                                                                                                                                                                                                                                  • 199.232.196.209
                                                                                                                                                                                                                                                                                                                                  https://ivsmn.kidsavancados.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.131.6
                                                                                                                                                                                                                                                                                                                                  ATGS-MMD-ASUSq2jbDDaB3T.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                  gyZkEwCn5w.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                  z2kJvTjVVa.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                  jf2jJnlcYf.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                  fqw6IYYEwz.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                  sd3o9UfOL4.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                  PytpTDxs17.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                  4Aoo17481q.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                  eL4XYAHUrt.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse |
 | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse |
 | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse |
 | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse |
 | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse |
 | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse |
 | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
 | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):7946
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.176482189725429
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:192:FBMXScHcbhbVbTbfbRbObtbyEl7nkrkJA6unSrDtTkdxSofq:Fi7cNhnzFSJEr31nSrDhkdx2
                                                                                                                                                                                                                                                                                                                                                    MD5:D3F79F2BC3515C34286BDCCA06EB152B
                                                                                                                                                                                                                                                                                                                                                    SHA1:AF6B3665E0B423F49A73493E5014C8C6BBDED3DA
                                                                                                                                                                                                                                                                                                                                                    SHA-256:2F43409A2DB26E02C34713863F8F8235314F93289A8B236B970CF2E4412E3464
                                                                                                                                                                                                                                                                                                                                                    SHA-512:491767E48802D48B01A3E397C8B20B364E14ACEAC4BC9644D5D488A136D98D0C7B587E1E8B3D77D075EA378E5A32E326496F16FC503A74E7B175F4FE4991299B
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"type":"uninstall","id":"f9a8f7bd-3071-45c2-acbc-bef8f8223346","creationDate":"2024-12-17T11:03:29.865Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                    MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                    SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                    SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                    SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                    MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                    SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                    SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3134472551390215
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:rMdaEvCUgdw/zijdaEvC6BdwZildaEviadw71:28K8qZ
                                                                                                                                                                                                                                                                                                                                                    MD5:6C145AD84D0F5E0730D3988A9EC0D1A7
                                                                                                                                                                                                                                                                                                                                                    SHA1:96EB666D96E0A336B5C414913872866168C85918
                                                                                                                                                                                                                                                                                                                                                    SHA-256:BB3F839598099465875B78748550B11E56249A55A45CCD7710672743C28345B1
                                                                                                                                                                                                                                                                                                                                                    SHA-512:002DD2BF208E7C64B57875F82C2C4568B929D17EA4F60D58B40D20EBF6C7C3C6569EF1F40F96230CB6EF0BAEFC8174B7B4E2BD6BFF654662C17A369278BACAB9
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. ...p..........fP..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW.3..PROGRA~1..t......O.I.Y.K....B...............J.......j.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.K............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.K..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............~......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3134472551390215
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:rMdaEvCUgdw/zijdaEvC6BdwZildaEviadw71:28K8qZ
                                                                                                                                                                                                                                                                                                                                                    MD5:6C145AD84D0F5E0730D3988A9EC0D1A7
                                                                                                                                                                                                                                                                                                                                                    SHA1:96EB666D96E0A336B5C414913872866168C85918
                                                                                                                                                                                                                                                                                                                                                    SHA-256:BB3F839598099465875B78748550B11E56249A55A45CCD7710672743C28345B1
                                                                                                                                                                                                                                                                                                                                                    SHA-512:002DD2BF208E7C64B57875F82C2C4568B929D17EA4F60D58B40D20EBF6C7C3C6569EF1F40F96230CB6EF0BAEFC8174B7B4E2BD6BFF654662C17A369278BACAB9
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. ...p..........fP..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW.3..PROGRA~1..t......O.I.Y.K....B...............J.......j.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.K............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.K..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............~......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4419
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.933142237036392
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLc38P:gXiNFS+OcUGOdwiOdwBjkYLc38P
                                                                                                                                                                                                                                                                                                                                                    MD5:2647D022ADE94B4583B7AF2F9C3B5757
                                                                                                                                                                                                                                                                                                                                                    SHA1:DA2BEE72DA6AFA2F4441B490B2D03ABFF36F79C5
                                                                                                                                                                                                                                                                                                                                                    SHA-256:DFB51F1B43454AE9564C79A3D4A64C10BDDDE0920083EC85C870CC51E527FA00
                                                                                                                                                                                                                                                                                                                                                    SHA-512:A345B7E53FDE610C8E8AEF52FA34315B0861C45EAD5ED8FFA56C95BB1501DFABAA90F1C5CB301395C4B209D03F8F21E8877D9402D97223A5865E9C29ADD7C6D9
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                    MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                    SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                    SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                    SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                    MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                    SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                    SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                    SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                    SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                    SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.185052013683835
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
                                                                                                                                                                                                                                                                                                                                                    MD5:10E2D85FEF0DB266E519048D63617FA8
                                                                                                                                                                                                                                                                                                                                                    SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
                                                                                                                                                                                                                                                                                                                                                    SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                    MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                    SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                    SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                    • Filename: fNlxQP0jBz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: LbgqLv7gT7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: P0HV8mjHS1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: mdPov8VTwi.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    • Filename: nmy4mJXEaz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                    MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                    SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                    SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                    SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0733309034670187
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkikS:DLhesh7Owd4+jik
                                                                                                                                                                                                                                                                                                                                                    MD5:D8077DE2090F10C0337E8BC88706447A
                                                                                                                                                                                                                                                                                                                                                    SHA1:33EE1F94F020D0C0788D902815D27E3DEC68ADB6
                                                                                                                                                                                                                                                                                                                                                    SHA-256:E7C080D1F45655414136F17E18FC1E26A35EE06A43D1BF2C6F6F6874246A67F7
                                                                                                                                                                                                                                                                                                                                                    SHA-512:41F91726FA795860D020541D7293C65E96D0303F5B82C99E45840B930154F9D6FDD9732A774B07356BD020A0F052A9EF58CFC4CDE360A0F1AEC0E573B7722244
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.039499163775207576
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:GHlhVR3G0gL2qWlhVR3G0gL2qjil8a9//Ylll4llqlyllel4lt:G7VuLFyVuLFjGL9XIwlio
                                                                                                                                                                                                                                                                                                                                                    MD5:0A41A12ECC4AE405A9A5D0281D41AE4A
                                                                                                                                                                                                                                                                                                                                                    SHA1:E2DB6286CD194248D04E29DD34BD92FF2A3825B1
                                                                                                                                                                                                                                                                                                                                                    SHA-256:C910DEC58658B97AA63FED0F4DBA21B49A2ED440A0E412E2CFB1133072F1E854
                                                                                                                                                                                                                                                                                                                                                    SHA-512:1035A7CAF614A0736D3B4589E416902E8054F65848C59143DA8005195988BAAB0195BA21F7FF50F0F3D1B3A31E1E41C9A67AB5E53A97B196732C4107BE63F9A1
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):163992
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.09518048539936382
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:KY7ULxs9YCu1CG45xsMldCCQE/TSKCrsCs81xsayD4gmwlq2iEg:HAsWx4zJKDC8XVyD4UQ
                                                                                                                                                                                                                                                                                                                                                    MD5:5F24F3E208991E81BCCD2B70357B1418
                                                                                                                                                                                                                                                                                                                                                    SHA1:50EB9714FDF761E65E16A231FE5B65A0C2BE7EAD
                                                                                                                                                                                                                                                                                                                                                    SHA-256:598D22817171A3F0533A14C685D4B73ACAB60EB268B3AB9D2FCE61363CB60D42
                                                                                                                                                                                                                                                                                                                                                    SHA-512:4C671F15987B30AD4ED2D3042FFDF57FF799AF6BD1E0B7D22050AEC8B914B4544B2CEF3D2E88DD869C394C7BACEC0979CA4A32EF317E21249C7254E242167F7C
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):14081
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.465983498308335
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:192:bnTFTRRUYbBp6kpLZNMGaXCN6qU4Lvzy+/3/7Ma5RYiNBw8dKSl:nKefFNM3ILyCTdwx0
                                                                                                                                                                                                                                                                                                                                                    MD5:CB0DB086B786E1D8F48C5C5E747AB9E5
                                                                                                                                                                                                                                                                                                                                                    SHA1:5061211EEC3E487657CC2A589836AFF2AC96ED03
                                                                                                                                                                                                                                                                                                                                                    SHA-256:833D5DCD91F46ECCA618C2E86008EC12FB0C48486BBDE2FD2538911A1499A212
                                                                                                                                                                                                                                                                                                                                                    SHA-512:1716624AA3020EBC4818BEC2E5D1DF48CC50539C09E0730BE9DC1429E2670AA44820BCA179F226F33E5D6837353341190C32709DD61B405D273D05A101E6CE3B
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734433380);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734433380);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734433380);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173443
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                    MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                    SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                    SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                    SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                    MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                    SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                    SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                    SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1576
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.330160468044267
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:v+USUGlcAxSMX2fNxLXnIgcV//pnxQwRlszT5sKL0XQT63eHVvwKXTGamhujJmyH:GUpOxOUTnR6n63eNwCTG4JNKRh4
                                                                                                                                                                                                                                                                                                                                                    MD5:736DF4CBCFFB9A3B9A4EA314A1FD521A
                                                                                                                                                                                                                                                                                                                                                    SHA1:1F2A4A71B3FD925C6027E1835502D37B2CCFDDE8
                                                                                                                                                                                                                                                                                                                                                    SHA-256:4347479694A04B61FD7398CD0EDBCA85B125095C0E3E1C07EFB32B7D140BF2D0
                                                                                                                                                                                                                                                                                                                                                    SHA-512:7E678360301340283DB5DE6063B6B1FEEC369332461C7EBBF93C0635ED78FD30088F4CE3D9E2FDF989B0D12E50D2F1AD6DCD4BEA17E7CD86FA85EBD64365BC52
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{4ce960ff-ca68-45e1-9b7f-a3ff26b32e30}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734433400428,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..jUpdate...9,"startTim..`349563...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..eexpiry....355556,"originA
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.042811512334329
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                    MD5:21235938025E2102017AC8C9748948A4
                                                                                                                                                                                                                                                                                                                                                    SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
                                                                                                                                                                                                                                                                                                                                                    SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4411
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.009825181343394
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:YrSAYQHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:ycQCTEr5NfJzzcBvbw6Kkvrc2Rn27
                                                                                                                                                                                                                                                                                                                                                    MD5:A54576BEDF3440C5B65DDF93F91BB8AB
                                                                                                                                                                                                                                                                                                                                                    SHA1:5E630B504452EC1A874FA8A3E2EAEC58D31D1CC9
                                                                                                                                                                                                                                                                                                                                                    SHA-256:6439D21371954FE3B929074841B895AC8AFC744207C16656A555481A9FA3558F
                                                                                                                                                                                                                                                                                                                                                    SHA-512:0B4FAD949403F8C0E0AE55A8B0A4693B090598A8835F78A81B8DC15EEDE8468165ECBD033935CC5B92AAD88BE4AB63F68F7868BF09674EB9BBD65B9CCF0BE257
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-17T11:02:48.446Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.7011542054872315
                                                                                                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                    File name:kjDPynh9vQ.exe
                                                                                                                                                                                                                                                                                                                                                    File size:969'216 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5:a94e88b82d8b95386186b27736dff926
                                                                                                                                                                                                                                                                                                                                                    SHA1:1c3e3a04d8d2f43867f4441ea230f5893cd14d76
                                                                                                                                                                                                                                                                                                                                                    SHA256:a9d9260b88c2a2f7543c9d9d61366685b2595517fbeb64cc7129898213d56b8e
                                                                                                                                                                                                                                                                                                                                                    SHA512:3b0883361d7f615e5389efad9d8b4bf512bc70120b6a38e9d23657f7405547fb13baa726d370d1a3adb30cd23e73b2342446f16c1bb9c497d63e861dd1169eb1
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8aeXUNdL:oTvC/MTQYxsWR7aeXUN
                                                                                                                                                                                                                                                                                                                                                    TLSH:9A259E027391C062FFAB92334F5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                    File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                    Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                    Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                    Time Stamp:0x67609525 [Mon Dec 16 21:01:25 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                                                                                                    call 00007F2E88D296D3h
                                                                                                                                                                                                                                                                                                                                                    jmp 00007F2E88D28FDFh
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                    call 00007F2E88D291BDh
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                    call 00007F2E88D2918Ah
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                    mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                    add eax, 04h
                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                    call 00007F2E88D2BD7Dh
                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                    call 00007F2E88D2BDC8h
                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                    call 00007F2E88D2BDB1h
                                                                                                                                                                                                                                                                                                                                                    test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                                                                                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x15ef0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xea000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x15ef0 | 0x16000 | 6efd1f55497552763484dcbee7a1cf66 | False | 0.6978426846590909 | data | 7.156673325025995 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xea000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xd072 | data | | | 1.0004872381095162
RT_GROUP_ICON | 0xe9970 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xe99e8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xe99fc | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xe9a10 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xe9a24 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xe9b00 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.283082962 CET44349718142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.283263922 CET49717443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.284672976 CET49718443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.287481070 CET49717443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.287496090 CET44349717142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.289014101 CET49718443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.289041042 CET44349718142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.289217949 CET4971980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.408914089 CET804971934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.412033081 CET4971980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.412250996 CET4971980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.531948090 CET804971934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.553416014 CET49725443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.553488016 CET4434972534.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.554438114 CET49725443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.556032896 CET49725443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.556060076 CET4434972534.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.808414936 CET4434971635.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:18.809225082 CET49716443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.496767044 CET804971934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.540620089 CET4971980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.624119997 CET49727443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.624150991 CET4434972735.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.629553080 CET49716443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.629565954 CET4434971635.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.629735947 CET49716443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.629789114 CET4434971635.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.632597923 CET49716443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.632606030 CET49727443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.789598942 CET4434972534.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.789669037 CET49725443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.842103004 CET49727443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.842122078 CET4434972735.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.845299006 CET49728443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.845321894 CET4434972834.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.847114086 CET49725443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.847125053 CET4434972534.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.847182989 CET49725443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.847249985 CET4434972534.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.847584963 CET49725443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.847848892 CET49728443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.848968983 CET49728443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.848978996 CET4434972834.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.984406948 CET44349717142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.984513044 CET49717443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.985130072 CET44349717142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.985512972 CET49717443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.986691952 CET44349718142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.986783028 CET49718443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.987426996 CET44349718142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.987471104 CET49718443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.992202044 CET49717443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.992239952 CET44349717142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.992306948 CET49717443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.992481947 CET44349717142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.994390965 CET49718443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.994410038 CET44349718142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.994481087 CET49718443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.994690895 CET49717443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.994721889 CET44349718142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.995848894 CET49718443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.070585966 CET4971980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.190319061 CET804971934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.209538937 CET4972980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.230616093 CET49730443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.230731010 CET4434973034.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.231488943 CET49730443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.231683969 CET49730443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.231694937 CET4434973034.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:23.964610100 CET4434974734.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:23.964664936 CET49747443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.640896082 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.641637087 CET4975680192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.760715961 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.761318922 CET804975634.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.761379957 CET4975680192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.905658960 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.955585957 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.001780987 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.025465965 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.025625944 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.025854111 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.145530939 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.392782927 CET49759443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.392880917 CET4434975935.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.394296885 CET49759443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.394449949 CET49759443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.394484997 CET4434975935.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.647541046 CET4975680192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.767517090 CET804975634.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.767646074 CET4975680192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.111989975 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.155117989 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.614259958 CET4434975935.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.614360094 CET49759443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.617338896 CET49759443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.617357969 CET4434975935.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.617645979 CET4434975935.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.620431900 CET49759443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.620546103 CET49759443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.620654106 CET4434975935.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:27.620721102 CET49759443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.559456110 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.559499979 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.559570074 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.563817024 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.563826084 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.855664968 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.975435019 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.170147896 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.217777014 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.369353056 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.489118099 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.684320927 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.741153955 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.779723883 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.779819012 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.784126043 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.784143925 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.784225941 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.784317970 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.784374952 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.354362011 CET4975680192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.474699020 CET804975634.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.474773884 CET4975680192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.596266985 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.656214952 CET49777443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.656254053 CET4434977734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.656461000 CET49777443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.657951117 CET49777443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.657979012 CET4434977734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.698271036 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.698827982 CET49778443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.698867083 CET4434977834.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.701776981 CET49778443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.703274965 CET49778443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.703289032 CET4434977834.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.716146946 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:37.798989058 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:37.839252949 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.659936905 CET4434979334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.660029888 CET49793443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.660965919 CET4434979534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.661052942 CET49795443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.662460089 CET4434979434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.663731098 CET49793443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.663769007 CET4434979334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.663999081 CET49794443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.664132118 CET4434979334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.666328907 CET49794443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.666346073 CET4434979434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.666909933 CET4434979434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.671401024 CET49793443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.671541929 CET49793443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.671818972 CET49794443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.671870947 CET49794443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.671901941 CET4434979334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.672291040 CET4434979434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.672528028 CET49795443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.672544956 CET4434979534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.672609091 CET49795443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.672947884 CET49793443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.672955036 CET49794443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.673080921 CET4434979534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.673705101 CET49795443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.802483082 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.805793047 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.805851936 CET4434980134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.806157112 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.807560921 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.807583094 CET4434980134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:38.922271013 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.117319107 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.174412012 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.021923065 CET4434980134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.023834944 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.033474922 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.033514023 CET4434980134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.033592939 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.033771038 CET4434980134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.045999050 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.063747883 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.183634996 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.379755020 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.447068930 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.846375942 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.852853060 CET49805443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.852982044 CET4434980534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.853671074 CET49806443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.853704929 CET4434980634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.860507965 CET49805443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.860598087 CET49806443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.862098932 CET49805443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.862144947 CET4434980534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.863383055 CET49806443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.863399982 CET4434980634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.966245890 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:41.161010027 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:41.164588928 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:41.211715937 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:41.284646988 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:41.478995085 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:41.528219938 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:42.076159954 CET4434980634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:42.076181889 CET4434980634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:42.076292038 CET49806443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:42.078403950 CET4434980534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.345994949 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.346076965 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.346098900 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.348262072 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.348337889 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.348515034 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.348699093 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.348726988 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.380907059 CET4434981935.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.380971909 CET49819443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.385160923 CET49819443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.385179043 CET4434981935.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.385270119 CET49819443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.385412931 CET4434981935.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.385838032 CET49819443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.399260998 CET49827443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.399306059 CET4434982734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.399642944 CET49827443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.399782896 CET49827443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.399806976 CET4434982734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.492780924 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.496512890 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.543056965 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.616452932 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.811255932 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.866202116 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.555423021 CET4434982335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.555521965 CET49823443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.558640957 CET49823443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.558662891 CET4434982335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.558965921 CET4434982335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.559274912 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.559367895 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.559783936 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.559876919 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.562150955 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.562165976 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.562393904 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.564730883 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.564743996 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.564981937 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.567279100 CET49823443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.567433119 CET4434982335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.567497969 CET49823443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.567503929 CET4434982335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.568202019 CET49823443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.569770098 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.569842100 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.569921970 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.570108891 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.570157051 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.570288897 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.575489998 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.577574968 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.577584982 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.617944956 CET4434982734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.618053913 CET49827443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.621201992 CET49827443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.621232033 CET4434982734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.621551037 CET4434982734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.624171972 CET49827443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.624291897 CET49827443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.624346972 CET4434982734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.624479055 CET49827443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.695261955 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.890405893 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.893768072 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:47.931552887 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:48.013559103 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.966428995 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.966468096 CET4434989834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.966552973 CET4434990134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.966979027 CET49897443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.967005014 CET4434989734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.967134953 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.967170000 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.967178106 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.967209101 CET49901443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.967266083 CET4434989734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.969672918 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.969686985 CET4434990234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.969959021 CET4434990234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.972074032 CET49901443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.972093105 CET4434990134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.972471952 CET4434990134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.974538088 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.974550962 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.974914074 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.977010965 CET49899443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.977042913 CET4434989934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.977365017 CET4434989934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.979368925 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.979398966 CET4434989834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.979769945 CET4434989834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.986232042 CET49897443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.986763954 CET4434989734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.986855030 CET49897443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.986871958 CET4434989734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.987545013 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.987658978 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.987730026 CET4434990234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.987736940 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.987864971 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.988235950 CET49907443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.988234997 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.988270044 CET4434990734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.988385916 CET49908443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.988423109 CET4434990834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.988816977 CET49899443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.988878965 CET49899443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.989073038 CET4434989934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.989255905 CET49901443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.989331007 CET49901443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.989506006 CET4434990134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.992587090 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.992677927 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.992990017 CET4434989834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994159937 CET49899443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994175911 CET49901443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994175911 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994180918 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994180918 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994195938 CET49908443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994195938 CET49907443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994378090 CET49907443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994394064 CET4434990734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994505882 CET49908443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.994518995 CET4434990834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:15.996248007 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.116287947 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.191375017 CET4434989734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.191478968 CET49897443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.311017036 CET804974134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.314768076 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.353085041 CET4974180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.434647083 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.629055977 CET804975734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.669617891 CET4975780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:31:17.866945982 CET804975734.107.221.82192.168.2.6
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.562922001 CET6144253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET53641721.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.700371981 CET53614421.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.701482058 CET6375853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.702323914 CET5546453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.793653011 CET53539471.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.795706987 CET6284553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.839015007 CET53637581.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.839579105 CET53554641.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.840924025 CET5427453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.841063023 CET5099653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.933527946 CET53628451.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.934442997 CET6390353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.979388952 CET53509961.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.994343042 CET5446153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.088087082 CET53639031.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.089180946 CET6124053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.132265091 CET53544611.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.133301020 CET6043753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.157301903 CET53542741.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.227669001 CET53612401.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.228622913 CET5170353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.272459030 CET53604371.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.273514032 CET4975353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.365701914 CET53517031.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.369354963 CET5502953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.502185106 CET53497531.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.506159067 CET53550291.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.855515957 CET5730253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.992880106 CET53573021.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:44.948582888 CET5951553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:44.962719917 CET6225953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.013691902 CET5029253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.087682009 CET53595151.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.103682041 CET53622591.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.108453989 CET6145553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.162158012 CET53502921.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.163747072 CET5793853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.303198099 CET53579381.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.304506063 CET6301553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.335823059 CET53614551.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.339956045 CET6107253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.443018913 CET53630151.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.479177952 CET53610721.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:52.103435993 CET5763453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:52.336564064 CET53576341.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:53.324641943 CET5288053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:13.325731993 CET4968653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:13.558809042 CET53496861.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:13.560349941 CET5428053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:13.697916985 CET53542801.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:14.745995998 CET6530053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:14.883495092 CET53653001.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:54.832185030 CET6073553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:54.969585896 CET53607351.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:54.971306086 CET6497453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:55.201878071 CET53649741.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:56.201106071 CET6254853192.168.2.61.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.085252047 CET192.168.2.61.1.1.10xe6fStandard query (0)content-signature-2.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.204202890 CET192.168.2.61.1.1.10x2726Standard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.231292963 CET192.168.2.61.1.1.10x89caStandard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.370203972 CET192.168.2.61.1.1.10x4813Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.077919006 CET192.168.2.61.1.1.10x93cbStandard query (0)mitmdetection.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.321405888 CET192.168.2.61.1.1.10xa322Standard query (0)mitmdetection.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.534157038 CET192.168.2.61.1.1.10x187fStandard query (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.438579082 CET192.168.2.61.1.1.10xcdedStandard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.579412937 CET192.168.2.61.1.1.10xbfacStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.813347101 CET192.168.2.61.1.1.10xed46Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.394210100 CET192.168.2.61.1.1.10xc023Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.559628963 CET192.168.2.61.1.1.10xe1bStandard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.795495987 CET192.168.2.61.1.1.10xa444Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.523894072 CET192.168.2.61.1.1.10x3921Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.662596941 CET192.168.2.61.1.1.10x209Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.801465034 CET192.168.2.61.1.1.10x11c2Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.504925013 CET192.168.2.61.1.1.10x12e9Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.656367064 CET192.168.2.61.1.1.10x1999Standard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.798474073 CET192.168.2.61.1.1.10xe3f4Standard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:37.431170940 CET192.168.2.61.1.1.10x7147Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.562597036 CET192.168.2.61.1.1.10x12cfStandard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.562597036 CET192.168.2.61.1.1.10x7591Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.562922001 CET192.168.2.61.1.1.10xa2c4Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.701482058 CET192.168.2.61.1.1.10x6759Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.702323914 CET192.168.2.61.1.1.10x66eStandard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.795706987 CET192.168.2.61.1.1.10x9b1cStandard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.840924025 CET192.168.2.61.1.1.10x861cStandard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.841063023 CET192.168.2.61.1.1.10x6d21Standard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.934442997 CET192.168.2.61.1.1.10x93afStandard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.994343042 CET192.168.2.61.1.1.10x9dc8Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.089180946 CET192.168.2.61.1.1.10xe0edStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.133301020 CET192.168.2.61.1.1.10x5553Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.228622913 CET192.168.2.61.1.1.10x1d6bStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.273514032 CET192.168.2.61.1.1.10x8d31Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.369354963 CET192.168.2.61.1.1.10x78d2Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.855515957 CET192.168.2.61.1.1.10x88b1Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:44.948582888 CET192.168.2.61.1.1.10x2481Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:44.962719917 CET192.168.2.61.1.1.10xd58fStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.013691902 CET192.168.2.61.1.1.10xe13cStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.108453989 CET192.168.2.61.1.1.10x8ec9Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.163747072 CET192.168.2.61.1.1.10xa45eStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.304506063 CET192.168.2.61.1.1.10x30f1Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:45.339956045 CET192.168.2.61.1.1.10x6d8eStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:52.103435993 CET192.168.2.61.1.1.10xa2b1Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:53.324641943 CET192.168.2.61.1.1.10x1b12Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:13.325731993 CET192.168.2.61.1.1.10xb0baStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:13.560349941 CET192.168.2.61.1.1.10x7c9cStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:14.745995998 CET192.168.2.61.1.1.10x2657Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:54.832185030 CET192.168.2.61.1.1.10x2c21Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:54.971306086 CET192.168.2.61.1.1.10xa945Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:56.201106071 CET192.168.2.61.1.1.10x2ddaStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp, Source IP, Dest IP, Trans ID, Reply Code, Name, CName, Address, Type, Class, DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.982966900 CET1.1.1.1192.168.2.60xc30eNo error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:19.991941929 CET1.1.1.1192.168.2.60x7732No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.132750988 CET1.1.1.1192.168.2.60x69a7No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.132750988 CET1.1.1.1192.168.2.60x69a7No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.206752062 CET1.1.1.1192.168.2.60x17f2No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.206752062 CET1.1.1.1192.168.2.60x17f2No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.222573042 CET1.1.1.1192.168.2.60xe6fNo error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.222573042 CET1.1.1.1192.168.2.60xe6fNo error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.222573042 CET1.1.1.1192.168.2.60xe6fNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.369322062 CET1.1.1.1192.168.2.60x89caNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.438785076 CET1.1.1.1192.168.2.60x2726No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:20.507440090 CET1.1.1.1192.168.2.60x4813No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.319613934 CET1.1.1.1192.168.2.60x93cbNo error (0)mitmdetection.services.mozilla.com216.137.52.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.319613934 CET1.1.1.1192.168.2.60x93cbNo error (0)mitmdetection.services.mozilla.com216.137.52.52A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.319613934 CET1.1.1.1192.168.2.60x93cbNo error (0)mitmdetection.services.mozilla.com216.137.52.85A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.319613934 CET1.1.1.1192.168.2.60x93cbNo error (0)mitmdetection.services.mozilla.com216.137.52.17A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.533144951 CET1.1.1.1192.168.2.60xa322No error (0)mitmdetection.services.mozilla.com18.66.161.92A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.533144951 CET1.1.1.1192.168.2.60xa322No error (0)mitmdetection.services.mozilla.com18.66.161.67A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.533144951 CET1.1.1.1192.168.2.60xa322No error (0)mitmdetection.services.mozilla.com18.66.161.98A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.533144951 CET1.1.1.1192.168.2.60xa322No error (0)mitmdetection.services.mozilla.com18.66.161.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.744251966 CET1.1.1.1192.168.2.60x187fNo error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.744251966 CET1.1.1.1192.168.2.60x187fNo error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.744251966 CET1.1.1.1192.168.2.60x187fNo error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.744251966 CET1.1.1.1192.168.2.60x187fNo error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.744251966 CET1.1.1.1192.168.2.60x187fNo error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.744251966 CET1.1.1.1192.168.2.60x187fNo error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.744251966 CET1.1.1.1192.168.2.60x187fNo error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:21.744251966 CET1.1.1.1192.168.2.60x187fNo error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.577888012 CET1.1.1.1192.168.2.60xcdedNo error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.577888012 CET1.1.1.1192.168.2.60xcdedNo error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.577888012 CET1.1.1.1192.168.2.60xcdedNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:25.800267935 CET1.1.1.1192.168.2.60xbfacNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.390836000 CET1.1.1.1192.168.2.60x7e4cNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:26.390836000 CET1.1.1.1192.168.2.60x7e4cNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.558183908 CET1.1.1.1192.168.2.60xcab4No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:30.792984009 CET1.1.1.1192.168.2.60xe1bNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.661097050 CET1.1.1.1192.168.2.60x3921No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:31.800523996 CET1.1.1.1192.168.2.60x209No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.642395973 CET1.1.1.1192.168.2.60x12e9No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.642395973 CET1.1.1.1192.168.2.60x12e9No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.794939995 CET1.1.1.1192.168.2.60x1999No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:32.837193966 CET1.1.1.1192.168.2.60xdf90No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:37.428262949 CET1.1.1.1192.168.2.60xc9a7No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.699887037 CET1.1.1.1192.168.2.60x12cfNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.700371981 CET1.1.1.1192.168.2.60xa2c4No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:39.700371981 CET1.1.1.1192.168.2.60xa2c4No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    • detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49719 | 34.107.221.82 | 80 | 6556 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:28:18.412250996 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:19.496767044 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 11:33:04 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 78915
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:20.070585966 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:20.385188103 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 11:33:04 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 78916
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49729 | 34.107.221.82 | 80 | 6556 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:28:20.331032038 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49737 | 34.107.221.82 | 80 | 6556 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:28:20.781332970 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
Dec 17, 2024 10:28:21.868216991 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83902
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49741 | 34.107.221.82 | 80 | 6556 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:28:21.625612974 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:22.710820913 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83937
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:25.640896082 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:25.955585957 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83940
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:31.369353056 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:31.684320927 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83946
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:32.698271036 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:33.012857914 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83947
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:35.147046089 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:35.461390018 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83950
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:37.164794922 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:37.479484081 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83952
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:38.802483082 CET  303  OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 17, 2024 10:28:39.117319107 CET  298  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:25 GMT
Age: 83953
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:40.846375942 CET  303  OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 17, 2024 10:28:41.161010027 CET  298  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:25 GMT
Age: 83956
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:42.088217020 CET  303  OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 17, 2024 10:28:42.402664900 CET  298  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:25 GMT
Age: 83957
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:46.177988052 CET  303  OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 17, 2024 10:28:46.492780924 CET  298  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:25 GMT
Age: 83961
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:47.575489998 CET  303  OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:47.890405893 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83962
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:28:53.324356079 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:28:53.639282942 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83968
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:29:03.646472931 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
Dec 17, 2024 10:29:11.917989969 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:29:12.232650995 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83987
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:29:14.847786903 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 17, 2024 10:29:15.163753986 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83990
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:29:15.996248007 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.311017036 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83991
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:29:17.214905024 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 17, 2024 10:29:17.529800892 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:25 GMT
Age: 83992
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:29:27.532740116 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 17, 2024 10:29:37.661389112 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 17, 2024 10:29:47.791557074 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 17, 2024 10:29:56.200874090 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 17, 2024 10:29:56.515727997 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:25 GMT
Age: 84031
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 17, 2024 10:30:06.528848886 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 17, 2024 10:30:16.655020952 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 17, 2024 10:30:26.783622980 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 17, 2024 10:30:36.913244009 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 17, 2024 10:30:47.043170929 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 17, 2024 10:30:57.173065901 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49757 | 34.107.221.82 | 80 | 6556 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:28:26.025854111 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:28:27.111989975 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83907
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
Dec 17, 2024 10:28:30.855664968 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:28:31.170147896 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83912
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 17, 2024 10:28:32.596266985 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:28:32.910839081 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83913
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 17, 2024 10:28:33.301522970 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:28:33.616260052 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83914
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 17, 2024 10:28:36.435712099 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:28:36.750422955 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83917
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 17, 2024 10:28:37.484226942 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:37.798989058 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83918
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.063747883 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:40.379755020 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83921
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:41.164588928 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:41.478995085 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83922
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:42.413939953 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:42.728436947 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83923
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:28:46.496512890 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:28:46.811255932 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83927
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 17, 2024 10:28:47.893768072 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:28:48.208686113 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83929
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 17, 2024 10:28:53.643856049 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:28:53.959052086 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83934
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 17, 2024 10:29:03.962980986 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 17, 2024 10:29:12.243253946 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:29:12.557708025 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83953
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 17, 2024 10:29:15.189810038 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 17, 2024 10:29:15.504694939 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 83956
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 17, 2024 10:29:16.314768076 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:16.629055977 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83957
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:17.533173084 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:17.848784924 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83958
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:27.864635944 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:37.993382931 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:48.123552084 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:56.521362066 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:29:56.835867882 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 83997
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:30:06.845295906 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:30:16.977894068 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:30:27.106678963 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:30:37.236332893 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:30:47.366255999 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 17, 2024 10:30:57.495798111 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:



                                                                                                                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                                                                                                                    Start time:04:28:08
                                                                                                                                                                                                                                                                                                                                                    Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\kjDPynh9vQ.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\kjDPynh9vQ.exe"
Imagebase:0x540000
File size:969'216 bytes
MD5 hash:A94E88B82D8B95386186B27736DFF926
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:2
Start time:04:28:08
Start date:17/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0x450000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:04:28:09
Start date:17/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:04:28:11
Start date:17/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x450000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:04:28:11
Start date:17/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:04:28:11
Start date:17/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0x450000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:04:28:11
Start date:17/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:04:28:11
Start date:17/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0x450000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:04:28:11
Start date:17/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:04:28:11
Start date:17/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0x450000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:04:28:11
Start date:17/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:04:28:12
Start date:17/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:04:28:12
Start date:17/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:04:28:12
Start date:17/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                                                                                                                                                    Start time:04:28:13
                                                                                                                                                                                                                                                                                                                                                    Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2216 -prefMapHandle 2208 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a18538d7-1446-4a41-8df2-073c12ed6759} 6556 "\\.\pipe\gecko-crash-server-pipe.6556" 28911670f10 socket
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                                                                                                                                                                    Start time:04:28:16
                                                                                                                                                                                                                                                                                                                                                    Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -parentBuildID 20230927232528 -prefsHandle 2932 -prefMapHandle 3068 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {279f734c-85f2-42c5-af02-fff71848b197} 6556 "\\.\pipe\gecko-crash-server-pipe.6556" 28921d2d810 rdd
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                                                                                                                                                                                    Start time:04:28:30
                                                                                                                                                                                                                                                                                                                                                    Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4432 -prefMapHandle 5232 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6c238e2-98a7-43a7-b744-6ad126dfa70c} 6556 "\\.\pipe\gecko-crash-server-pipe.6556" 2891166e110 utility
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                                                                                                      Execution Coverage:2.6%
                                                                                                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                      Signature Coverage:6.3%
                                                                                                                                                                                                                                                                                                                                                      Total number of Nodes:1757
                                                                                                                                                                                                                                                                                                                                                      Total number of Limit Nodes:65
94896->94897 94899 543ada 94897->94899 94898->94899 94900 5437a0 22 API calls 94899->94900 94901 543ae6 94900->94901 94901->94868 94902 541044 94907 5410f3 94902->94907 94904 54104a 94943 5600a3 29 API calls __onexit 94904->94943 94906 541054 94944 541398 94907->94944 94911 54116a 94912 54a961 22 API calls 94911->94912 94913 541174 94912->94913 94914 54a961 22 API calls 94913->94914 94915 54117e 94914->94915 94916 54a961 22 API calls 94915->94916 94917 541188 94916->94917 94918 54a961 22 API calls 94917->94918 94919 5411c6 94918->94919 94920 54a961 22 API calls 94919->94920 94921 541292 94920->94921 94954 54171c 94921->94954 94925 5412c4 94926 54a961 22 API calls 94925->94926 94927 5412ce 94926->94927 94975 551940 94927->94975 94929 5412f9 94985 541aab 94929->94985 94931 541315 94932 541325 GetStdHandle 94931->94932 94933 582485 94932->94933 94934 54137a 94932->94934 94933->94934 94935 58248e 94933->94935 94938 541387 OleInitialize 94934->94938 94936 55fddb 22 API calls 94935->94936 94937 582495 94936->94937 94992 5b011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 94937->94992 94938->94904 94940 58249e 94993 5b0944 CreateThread 94940->94993 94942 5824aa CloseHandle 94942->94934 94943->94906 94994 5413f1 94944->94994 94947 5413f1 22 API calls 94948 5413d0 94947->94948 94949 54a961 22 API calls 94948->94949 94950 5413dc 94949->94950 94951 546b57 22 API calls 94950->94951 94952 541129 94951->94952 94953 541bc3 6 API calls 94952->94953 94953->94911 94955 54a961 22 API calls 94954->94955 94956 54172c 94955->94956 94957 54a961 22 API calls 94956->94957 94958 541734 94957->94958 94959 54a961 22 API calls 94958->94959 94960 54174f 94959->94960 94961 55fddb 22 API calls 94960->94961 94962 54129c 94961->94962 94963 541b4a 94962->94963 94964 541b58 94963->94964 94965 54a961 22 API calls 94964->94965 94966 541b63 94965->94966 94967 54a961 22 API calls 94966->94967 94968 541b6e 94967->94968 94969 54a961 22 API 
calls 94968->94969 94970 541b79 94969->94970 94971 54a961 22 API calls 94970->94971 94972 541b84 94971->94972 94973 55fddb 22 API calls 94972->94973 94974 541b96 RegisterWindowMessageW 94973->94974 94974->94925 94976 551981 94975->94976 94977 55195d 94975->94977 95001 560242 5 API calls __Init_thread_wait 94976->95001 94978 55196e 94977->94978 95003 560242 5 API calls __Init_thread_wait 94977->95003 94978->94929 94980 55198b 94980->94977 95002 5601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94980->95002 94982 558727 94982->94978 95004 5601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94982->95004 94986 58272d 94985->94986 94987 541abb 94985->94987 95005 5b3209 23 API calls 94986->95005 94988 55fddb 22 API calls 94987->94988 94991 541ac3 94988->94991 94990 582738 94991->94931 94992->94940 94993->94942 95006 5b092a 28 API calls 94993->95006 94995 54a961 22 API calls 94994->94995 94996 5413fc 94995->94996 94997 54a961 22 API calls 94996->94997 94998 541404 94997->94998 94999 54a961 22 API calls 94998->94999 95000 5413c6 94999->95000 95000->94947 95001->94980 95002->94977 95003->94982 95004->94978 95005->94990 95007 578402 95012 5781be 95007->95012 95011 57842a 95017 5781ef try_get_first_available_module 95012->95017 95014 5783ee 95031 5727ec 26 API calls pre_c_initialization 95014->95031 95016 578343 95016->95011 95024 580984 95016->95024 95023 578338 95017->95023 95027 568e0b 40 API calls 2 library calls 95017->95027 95019 57838c 95019->95023 95028 568e0b 40 API calls 2 library calls 95019->95028 95021 5783ab 95021->95023 95029 568e0b 40 API calls 2 library calls 95021->95029 95023->95016 95030 56f2d9 20 API calls __dosmaperr 95023->95030 95032 580081 95024->95032 95026 58099f 95026->95011 95027->95019 95028->95021 95029->95023 95030->95014 95031->95016 95035 58008d ___scrt_is_nonwritable_in_current_image 95032->95035 95033 58009b 95090 56f2d9 20 API calls __dosmaperr 95033->95090 95035->95033 95037 5800d4 95035->95037 95036 
5800a0 95091 5727ec 26 API calls pre_c_initialization 95036->95091 95043 58065b 95037->95043 95042 5800aa __fread_nolock 95042->95026 95093 58042f 95043->95093 95046 58068d 95125 56f2c6 20 API calls __dosmaperr 95046->95125 95047 5806a6 95111 575221 95047->95111 95050 5806ab 95051 5806cb 95050->95051 95052 5806b4 95050->95052 95124 58039a CreateFileW 95051->95124 95127 56f2c6 20 API calls __dosmaperr 95052->95127 95056 5800f8 95092 580121 LeaveCriticalSection __wsopen_s 95056->95092 95057 5806b9 95128 56f2d9 20 API calls __dosmaperr 95057->95128 95058 580781 GetFileType 95061 58078c GetLastError 95058->95061 95062 5807d3 95058->95062 95060 580756 GetLastError 95130 56f2a3 20 API calls __dosmaperr 95060->95130 95131 56f2a3 20 API calls __dosmaperr 95061->95131 95133 57516a 21 API calls 2 library calls 95062->95133 95063 580692 95126 56f2d9 20 API calls __dosmaperr 95063->95126 95064 580704 95064->95058 95064->95060 95129 58039a CreateFileW 95064->95129 95068 58079a CloseHandle 95068->95063 95071 5807c3 95068->95071 95070 580749 95070->95058 95070->95060 95132 56f2d9 20 API calls __dosmaperr 95071->95132 95073 5807f4 95075 580840 95073->95075 95134 5805ab 72 API calls 3 library calls 95073->95134 95074 5807c8 95074->95063 95079 58086d 95075->95079 95135 58014d 72 API calls 4 library calls 95075->95135 95078 580866 95078->95079 95080 58087e 95078->95080 95136 5786ae 95079->95136 95080->95056 95082 5808fc CloseHandle 95080->95082 95151 58039a CreateFileW 95082->95151 95084 580927 95085 580931 GetLastError 95084->95085 95086 58095d 95084->95086 95152 56f2a3 20 API calls __dosmaperr 95085->95152 95086->95056 95088 58093d 95153 575333 21 API calls 2 library calls 95088->95153 95090->95036 95091->95042 95092->95042 95094 580450 95093->95094 95095 58046a 95093->95095 95094->95095 95161 56f2d9 20 API calls __dosmaperr 95094->95161 95154 5803bf 95095->95154 95098 58045f 95162 5727ec 26 API calls pre_c_initialization 95098->95162 95100 5804a2 95101 5804d1 95100->95101 95163 
56f2d9 20 API calls __dosmaperr 95100->95163 95109 580524 95101->95109 95165 56d70d 26 API calls 2 library calls 95101->95165 95104 58051f 95106 58059e 95104->95106 95104->95109 95105 5804c6 95164 5727ec 26 API calls pre_c_initialization 95105->95164 95166 5727fc 11 API calls _abort 95106->95166 95109->95046 95109->95047 95110 5805aa 95112 57522d ___scrt_is_nonwritable_in_current_image 95111->95112 95169 572f5e EnterCriticalSection 95112->95169 95115 575234 95116 575259 95115->95116 95120 5752c7 EnterCriticalSection 95115->95120 95123 57527b 95115->95123 95173 575000 21 API calls 3 library calls 95116->95173 95117 5752a4 __fread_nolock 95117->95050 95119 57525e 95119->95123 95174 575147 EnterCriticalSection 95119->95174 95122 5752d4 LeaveCriticalSection 95120->95122 95120->95123 95122->95115 95170 57532a 95123->95170 95124->95064 95125->95063 95126->95056 95127->95057 95128->95063 95129->95070 95130->95063 95131->95068 95132->95074 95133->95073 95134->95075 95135->95078 95176 5753c4 95136->95176 95138 5786c4 95189 575333 21 API calls 2 library calls 95138->95189 95139 5786be 95139->95138 95140 5786f6 95139->95140 95142 5753c4 __wsopen_s 26 API calls 95139->95142 95140->95138 95143 5753c4 __wsopen_s 26 API calls 95140->95143 95145 5786ed 95142->95145 95146 578702 CloseHandle 95143->95146 95144 57871c 95147 57873e 95144->95147 95190 56f2a3 20 API calls __dosmaperr 95144->95190 95148 5753c4 __wsopen_s 26 API calls 95145->95148 95146->95138 95149 57870e GetLastError 95146->95149 95147->95056 95148->95140 95149->95138 95151->95084 95152->95088 95153->95086 95157 5803d7 95154->95157 95155 5803f2 95155->95100 95157->95155 95167 56f2d9 20 API calls __dosmaperr 95157->95167 95158 580416 95168 5727ec 26 API calls pre_c_initialization 95158->95168 95160 580421 95160->95100 95161->95098 95162->95095 95163->95105 95164->95101 95165->95104 95166->95110 95167->95158 95168->95160 95169->95115 95175 572fa6 LeaveCriticalSection 95170->95175 95172 575331 95172->95117 95173->95119 
95174->95123 95175->95172 95177 5753e6 95176->95177 95178 5753d1 95176->95178 95182 57540b 95177->95182 95193 56f2c6 20 API calls __dosmaperr 95177->95193 95191 56f2c6 20 API calls __dosmaperr 95178->95191 95181 5753d6 95192 56f2d9 20 API calls __dosmaperr 95181->95192 95182->95139 95183 575416 95194 56f2d9 20 API calls __dosmaperr 95183->95194 95186 5753de 95186->95139 95187 57541e 95195 5727ec 26 API calls pre_c_initialization 95187->95195 95189->95144 95190->95147 95191->95181 95192->95186 95193->95183 95194->95187 95195->95186 95196 592a00 95211 54d7b0 ISource 95196->95211 95197 54db11 PeekMessageW 95197->95211 95198 54d807 GetInputState 95198->95197 95198->95211 95200 591cbe TranslateAcceleratorW 95200->95211 95201 54db73 TranslateMessage DispatchMessageW 95202 54db8f PeekMessageW 95201->95202 95202->95211 95203 54da04 timeGetTime 95203->95211 95204 54dbaf Sleep 95204->95211 95205 592b74 Sleep 95218 592a51 95205->95218 95207 591dda timeGetTime 95379 55e300 23 API calls 95207->95379 95211->95197 95211->95198 95211->95200 95211->95201 95211->95202 95211->95203 95211->95204 95211->95205 95211->95207 95215 54d9d5 95211->95215 95211->95218 95228 54dd50 95211->95228 95235 54dfd0 95211->95235 95258 54bf40 95211->95258 95316 55edf6 95211->95316 95321 551310 95211->95321 95378 55e551 timeGetTime 95211->95378 95380 5b3a2a 23 API calls 95211->95380 95381 54ec40 95211->95381 95405 5b359c 82 API calls __wsopen_s 95211->95405 95212 592c0b GetExitCodeProcess 95216 592c21 WaitForSingleObject 95212->95216 95217 592c37 CloseHandle 95212->95217 95213 5d29bf GetForegroundWindow 95213->95218 95216->95211 95216->95217 95217->95218 95218->95211 95218->95212 95218->95213 95218->95215 95219 592ca9 Sleep 95218->95219 95406 5c5658 23 API calls 95218->95406 95407 5ae97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 95218->95407 95408 55e551 timeGetTime 95218->95408 95409 5ad4dc CreateToolhelp32Snapshot Process32FirstW 95218->95409 95219->95211 
95229 54dd6f 95228->95229 95231 54dd83 95228->95231 95419 54d260 95229->95419 95451 5b359c 82 API calls __wsopen_s 95231->95451 95232 54dd7a 95232->95211 95234 592f75 95234->95234 95236 54e010 95235->95236 95246 54e0dc ISource 95236->95246 95464 560242 5 API calls __Init_thread_wait 95236->95464 95239 592fca 95241 54a961 22 API calls 95239->95241 95239->95246 95240 54a961 22 API calls 95240->95246 95244 592fe4 95241->95244 95465 5600a3 29 API calls __onexit 95244->95465 95246->95240 95251 54ec40 348 API calls 95246->95251 95253 5504f0 22 API calls 95246->95253 95254 54e3e1 95246->95254 95256 5b359c 82 API calls 95246->95256 95461 54a8c7 22 API calls __fread_nolock 95246->95461 95462 54a81b 41 API calls 95246->95462 95463 55a308 348 API calls 95246->95463 95467 560242 5 API calls __Init_thread_wait 95246->95467 95468 5600a3 29 API calls __onexit 95246->95468 95469 5601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95246->95469 95470 5c47d4 348 API calls 95246->95470 95471 5c68c1 348 API calls 95246->95471 95247 592fee 95466 5601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95247->95466 95251->95246 95253->95246 95254->95211 95256->95246 95259 54adf0 23 API calls 95258->95259 95260 54bf9d 95259->95260 95261 54bfa9 95260->95261 95262 5904b6 95260->95262 95264 5904c6 95261->95264 95265 54c01e 95261->95265 95495 5b359c 82 API calls __wsopen_s 95262->95495 95496 5b359c 82 API calls __wsopen_s 95264->95496 95472 54ac91 95265->95472 95269 5a7120 22 API calls 95314 54c039 ISource __fread_nolock 95269->95314 95270 54c7da 95273 55fe0b 22 API calls 95270->95273 95278 54c808 __fread_nolock 95273->95278 95275 5904f5 95279 59055a 95275->95279 95497 55d217 348 API calls 95275->95497 95280 55fe0b 22 API calls 95278->95280 95302 54c603 95279->95302 95498 5b359c 82 API calls __wsopen_s 95279->95498 95313 54c350 ISource __fread_nolock 95280->95313 95281 54af8a 22 API calls 95281->95314 95282 59091a 95507 5b3209 23 API calls 95282->95507 95285 
54ec40 348 API calls 95285->95314 95286 5908a5 95287 54ec40 348 API calls 95286->95287 95288 5908cf 95287->95288 95288->95302 95505 54a81b 41 API calls 95288->95505 95290 590591 95499 5b359c 82 API calls __wsopen_s 95290->95499 95294 5908f6 95506 5b359c 82 API calls __wsopen_s 95294->95506 95296 54bbe0 40 API calls 95296->95314 95297 54aceb 23 API calls 95297->95314 95298 54c237 95299 54c253 95298->95299 95508 54a8c7 22 API calls __fread_nolock 95298->95508 95303 590976 95299->95303 95308 54c297 ISource 95299->95308 95300 55fe0b 22 API calls 95300->95314 95302->95211 95305 54aceb 23 API calls 95303->95305 95307 5909bf 95305->95307 95306 55fddb 22 API calls 95306->95314 95307->95302 95509 5b359c 82 API calls __wsopen_s 95307->95509 95308->95307 95483 54aceb 95308->95483 95310 54c335 95310->95307 95311 54c342 95310->95311 95493 54a704 22 API calls ISource 95311->95493 95315 54c3ac 95313->95315 95494 55ce17 22 API calls ISource 95313->95494 95314->95269 95314->95270 95314->95275 95314->95278 95314->95279 95314->95281 95314->95282 95314->95285 95314->95286 95314->95290 95314->95294 95314->95296 95314->95297 95314->95298 95314->95300 95314->95302 95314->95306 95314->95307 95476 54ad81 95314->95476 95500 5a7099 22 API calls __fread_nolock 95314->95500 95501 5c5745 54 API calls _wcslen 95314->95501 95502 55aa42 22 API calls ISource 95314->95502 95503 5af05c 40 API calls 95314->95503 95504 54a993 41 API calls 95314->95504 95315->95211 95317 55ee09 95316->95317 95318 55ee12 95316->95318 95317->95211 95318->95317 95319 55ee36 IsDialogMessageW 95318->95319 95320 59efaf GetClassLongW 95318->95320 95319->95317 95319->95318 95320->95318 95320->95319 95322 551376 95321->95322 95323 5517b0 95321->95323 95324 551390 95322->95324 95325 596331 95322->95325 95550 560242 5 API calls __Init_thread_wait 95323->95550 95327 551940 9 API calls 95324->95327 95554 5c709c 348 API calls 95325->95554 95330 5513a0 95327->95330 95329 5517ba 95332 5517fb 95329->95332 95334 549cb3 22 API calls 
95329->95334 95333 551940 9 API calls 95330->95333 95331 59633d 95331->95211 95336 596346 95332->95336 95338 55182c 95332->95338 95335 5513b6 95333->95335 95341 5517d4 95334->95341 95335->95332 95337 5513ec 95335->95337 95555 5b359c 82 API calls __wsopen_s 95336->95555 95337->95336 95361 551408 __fread_nolock 95337->95361 95340 54aceb 23 API calls 95338->95340 95342 551839 95340->95342 95551 5601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95341->95551 95552 55d217 348 API calls 95342->95552 95345 59636e 95556 5b359c 82 API calls __wsopen_s 95345->95556 95346 55152f 95348 5963d1 95346->95348 95349 55153c 95346->95349 95558 5c5745 54 API calls _wcslen 95348->95558 95351 551940 9 API calls 95349->95351 95352 551549 95351->95352 95356 5964fa 95352->95356 95358 551940 9 API calls 95352->95358 95353 55fddb 22 API calls 95353->95361 95354 551872 95553 55faeb 23 API calls 95354->95553 95355 55fe0b 22 API calls 95355->95361 95365 596369 95356->95365 95560 5b359c 82 API calls __wsopen_s 95356->95560 95363 551563 95358->95363 95360 54ec40 348 API calls 95360->95361 95361->95342 95361->95345 95361->95346 95361->95353 95361->95355 95361->95360 95362 5963b2 95361->95362 95361->95365 95557 5b359c 82 API calls __wsopen_s 95362->95557 95363->95356 95368 5515c7 ISource 95363->95368 95559 54a8c7 22 API calls __fread_nolock 95363->95559 95365->95211 95367 551940 9 API calls 95367->95368 95368->95354 95368->95356 95368->95365 95368->95367 95370 55167b ISource 95368->95370 95521 5cabf7 95368->95521 95526 5ca2ea 95368->95526 95531 5d1591 95368->95531 95534 5cab67 95368->95534 95537 5b5c5a 95368->95537 95542 55f645 95368->95542 95369 55171d 95369->95211 95370->95369 95549 55ce17 22 API calls ISource 95370->95549 95378->95211 95379->95211 95380->95211 95403 54ec76 ISource 95381->95403 95383 54fef7 95397 54ed9d ISource 95383->95397 95795 54a8c7 22 API calls __fread_nolock 95383->95795 95384 55fddb 22 API calls 95384->95403 95386 594b0b 95797 5b359c 82 API calls 
__wsopen_s 95386->95797 95387 594600 95387->95397 95794 54a8c7 22 API calls __fread_nolock 95387->95794 95391 54a8c7 22 API calls 95391->95403 95394 560242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95394->95403 95395 54fbe3 95395->95397 95398 594bdc 95395->95398 95404 54f3ae ISource 95395->95404 95396 54a961 22 API calls 95396->95403 95397->95211 95798 5b359c 82 API calls __wsopen_s 95398->95798 95399 5600a3 29 API calls pre_c_initialization 95399->95403 95401 5601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95401->95403 95402 594beb 95799 5b359c 82 API calls __wsopen_s 95402->95799 95403->95383 95403->95384 95403->95386 95403->95387 95403->95391 95403->95394 95403->95395 95403->95396 95403->95397 95403->95399 95403->95401 95403->95402 95403->95404 95732 5501e0 95403->95732 95793 5506a0 41 API calls ISource 95403->95793 95404->95397 95796 5b359c 82 API calls __wsopen_s 95404->95796 95405->95211 95406->95218 95407->95218 95408->95218 95826 5adef7 95409->95826 95411 5ad5db CloseHandle 95411->95218 95412 5ad529 Process32NextW 95412->95411 95418 5ad522 95412->95418 95413 54a961 22 API calls 95413->95418 95414 549cb3 22 API calls 95414->95418 95418->95411 95418->95412 95418->95413 95418->95414 95832 54525f 22 API calls 95418->95832 95833 546350 22 API calls 95418->95833 95834 55ce60 41 API calls 95418->95834 95420 54ec40 348 API calls 95419->95420 95424 54d29d 95420->95424 95421 54d30b ISource 95421->95232 95422 54d6d5 95422->95421 95434 55fe0b 22 API calls 95422->95434 95424->95421 95424->95422 95425 54d3c3 95424->95425 95428 54d4b8 95424->95428 95435 591bc4 95424->95435 95440 55fddb 22 API calls 95424->95440 95446 54d429 ISource __fread_nolock 95424->95446 95425->95422 95427 54d3ce 95425->95427 95426 54d5ff 95430 54d614 95426->95430 95431 591bb5 95426->95431 95429 55fddb 22 API calls 95427->95429 95436 55fe0b 22 API calls 95428->95436 95439 54d3d5 __fread_nolock 
95429->95439 95432 55fddb 22 API calls 95430->95432 95459 5c5705 23 API calls 95431->95459 95444 54d46a 95432->95444 95434->95439 95460 5b359c 82 API calls __wsopen_s 95435->95460 95436->95446 95437 55fddb 22 API calls 95438 54d3f6 95437->95438 95438->95446 95452 54bec0 348 API calls 95438->95452 95439->95437 95439->95438 95440->95424 95442 591ba4 95458 5b359c 82 API calls __wsopen_s 95442->95458 95444->95232 95446->95426 95446->95442 95446->95444 95447 591b7f 95446->95447 95449 591b5d 95446->95449 95453 541f6f 95446->95453 95457 5b359c 82 API calls __wsopen_s 95447->95457 95456 5b359c 82 API calls __wsopen_s 95449->95456 95451->95234 95452->95446 95454 54ec40 348 API calls 95453->95454 95455 541f98 95454->95455 95455->95446 95456->95444 95457->95444 95458->95444 95459->95435 95460->95421 95461->95246 95462->95246 95463->95246 95464->95239 95465->95247 95466->95246 95467->95246 95468->95246 95469->95246 95470->95246 95471->95246 95473 54acae 95472->95473 95475 54acd1 95473->95475 95510 5b359c 82 API calls __wsopen_s 95473->95510 95475->95314 95477 58fadb 95476->95477 95478 54ad92 95476->95478 95479 55fddb 22 API calls 95478->95479 95480 54ad99 95479->95480 95511 54adcd 95480->95511 95484 54acf9 95483->95484 95492 54ad2a ISource 95483->95492 95485 54ad55 95484->95485 95487 54ad01 ISource 95484->95487 95485->95492 95519 54a8c7 22 API calls __fread_nolock 95485->95519 95488 58fa48 95487->95488 95489 54ad21 95487->95489 95487->95492 95488->95492 95520 55ce17 22 API calls ISource 95488->95520 95490 58fa3a VariantClear 95489->95490 95489->95492 95490->95492 95492->95310 95493->95313 95494->95313 95495->95264 95496->95302 95497->95279 95498->95302 95499->95302 95500->95314 95501->95314 95502->95314 95503->95314 95504->95314 95505->95294 95506->95302 95507->95298 95508->95299 95509->95302 95510->95475 95514 54addd 95511->95514 95512 54adb6 95512->95314 95513 55fddb 22 API calls 95513->95514 95514->95512 95514->95513 95515 54a961 22 API calls 95514->95515 95517 54adcd 22 
API calls 95514->95517 95518 54a8c7 22 API calls __fread_nolock 95514->95518 95515->95514 95517->95514 95518->95514 95519->95492 95520->95492 95561 5caff9 95521->95561 95523 5cac54 95523->95368 95524 5cac0c 95524->95523 95525 54aceb 23 API calls 95524->95525 95525->95523 95527 547510 53 API calls 95526->95527 95528 5ca306 95527->95528 95529 5ad4dc 47 API calls 95528->95529 95530 5ca315 95529->95530 95530->95368 95716 5d2ad8 95531->95716 95533 5d159f 95533->95368 95535 5caff9 217 API calls 95534->95535 95536 5cab79 95535->95536 95536->95368 95538 547510 53 API calls 95537->95538 95539 5b5c6d 95538->95539 95727 5adbbe lstrlenW 95539->95727 95541 5b5c77 95541->95368 95543 54b567 39 API calls 95542->95543 95544 55f659 95543->95544 95545 55f661 timeGetTime 95544->95545 95546 59f2dc Sleep 95544->95546 95547 54b567 39 API calls 95545->95547 95548 55f677 95547->95548 95548->95368 95549->95370 95550->95329 95551->95332 95552->95354 95553->95354 95554->95331 95555->95365 95556->95365 95557->95365 95558->95363 95559->95368 95560->95365 95562 5cb01d ___scrt_fastfail 95561->95562 95563 5cb058 95562->95563 95564 5cb094 95562->95564 95682 54b567 95563->95682 95566 54b567 39 API calls 95564->95566 95571 5cb08b 95564->95571 95570 5cb0a5 95566->95570 95567 5cb063 95567->95571 95574 54b567 39 API calls 95567->95574 95568 5cb0ed 95652 547510 95568->95652 95573 54b567 39 API calls 95570->95573 95571->95568 95575 54b567 39 API calls 95571->95575 95573->95571 95577 5cb078 95574->95577 95575->95568 95579 54b567 39 API calls 95577->95579 95578 5cb115 95580 5cb11f 95578->95580 95581 5cb1d8 95578->95581 95579->95571 95582 547510 53 API calls 95580->95582 95583 5cb20a GetCurrentDirectoryW 95581->95583 95586 547510 53 API calls 95581->95586 95584 5cb130 95582->95584 95585 55fe0b 22 API calls 95583->95585 95588 547620 22 API calls 95584->95588 95589 5cb22f GetCurrentDirectoryW 95585->95589 95587 5cb1ef 95586->95587 95590 547620 22 API calls 95587->95590 95591 5cb13a 95588->95591 95592 5cb23c 
95589->95592 95593 5cb1f9 _wcslen 95590->95593 95594 547510 53 API calls 95591->95594 95596 5cb275 95592->95596 95687 549c6e 22 API calls 95592->95687 95593->95583 95593->95596 95595 5cb14b 95594->95595 95597 547620 22 API calls 95595->95597 95601 5cb28b 95596->95601 95602 5cb287 95596->95602 95599 5cb155 95597->95599 95603 547510 53 API calls 95599->95603 95600 5cb255 95688 549c6e 22 API calls 95600->95688 95690 5b07c0 10 API calls 95601->95690 95611 5cb2f8 95602->95611 95612 5cb39a CreateProcessW 95602->95612 95606 5cb166 95603->95606 95608 547620 22 API calls 95606->95608 95607 5cb265 95689 549c6e 22 API calls 95607->95689 95613 5cb170 95608->95613 95610 5cb294 95691 5b06e6 10 API calls 95610->95691 95693 5a11c8 39 API calls 95611->95693 95631 5cb32f _wcslen 95612->95631 95617 5cb1a6 GetSystemDirectoryW 95613->95617 95621 547510 53 API calls 95613->95621 95616 5cb2fd 95619 5cb32a 95616->95619 95620 5cb323 95616->95620 95623 55fe0b 22 API calls 95617->95623 95618 5cb2aa 95692 5b05a7 8 API calls 95618->95692 95695 5a14ce 6 API calls 95619->95695 95694 5a1201 128 API calls 2 library calls 95620->95694 95625 5cb187 95621->95625 95628 5cb1cb GetSystemDirectoryW 95623->95628 95630 547620 22 API calls 95625->95630 95627 5cb2d0 95627->95602 95628->95592 95629 5cb328 95629->95631 95634 5cb191 _wcslen 95630->95634 95632 5cb42f CloseHandle 95631->95632 95633 5cb3d6 GetLastError 95631->95633 95635 5cb43f 95632->95635 95643 5cb49a 95632->95643 95642 5cb41a 95633->95642 95634->95592 95634->95617 95637 5cb446 CloseHandle 95635->95637 95638 5cb451 95635->95638 95637->95638 95640 5cb458 CloseHandle 95638->95640 95641 5cb463 95638->95641 95639 5cb4a6 95639->95642 95640->95641 95644 5cb46a CloseHandle 95641->95644 95645 5cb475 95641->95645 95679 5b0175 95642->95679 95643->95639 95649 5cb4d2 CloseHandle 95643->95649 95644->95645 95696 5b09d9 34 API calls 95645->95696 95648 5cb486 95697 5cb536 25 API calls 95648->95697 95649->95642 95653 547525 95652->95653 95654 547522 95652->95654 
95655 54752d 95653->95655 95656 54755b 95653->95656 95675 547620 95654->95675 95698 5651c6 26 API calls 95655->95698 95657 5850f6 95656->95657 95660 54756d 95656->95660 95667 58500f 95656->95667 95701 565183 26 API calls 95657->95701 95699 55fb21 51 API calls 95660->95699 95661 54753d 95664 55fddb 22 API calls 95661->95664 95662 58510e 95662->95662 95666 547547 95664->95666 95668 549cb3 22 API calls 95666->95668 95669 55fe0b 22 API calls 95667->95669 95670 585088 95667->95670 95668->95654 95671 585058 95669->95671 95700 55fb21 51 API calls 95670->95700 95672 55fddb 22 API calls 95671->95672 95673 58507f 95672->95673 95674 549cb3 22 API calls 95673->95674 95674->95670 95676 54762a _wcslen 95675->95676 95677 55fe0b 22 API calls 95676->95677 95678 54763f 95677->95678 95678->95578 95702 5b030f 95679->95702 95683 54b57f 95682->95683 95684 54b578 95682->95684 95683->95567 95684->95683 95715 5662d1 39 API calls _strftime 95684->95715 95686 54b5c2 95686->95567 95687->95600 95688->95607 95689->95596 95690->95610 95691->95618 95692->95627 95693->95616 95694->95629 95695->95631 95696->95648 95697->95643 95698->95661 95699->95661 95700->95657 95701->95662 95703 5b0329 95702->95703 95704 5b0321 CloseHandle 95702->95704 95705 5b032e CloseHandle 95703->95705 95706 5b0336 95703->95706 95704->95703 95705->95706 95707 5b033b CloseHandle 95706->95707 95708 5b0343 95706->95708 95707->95708 95709 5b0348 CloseHandle 95708->95709 95710 5b0350 95708->95710 95709->95710 95711 5b035d 95710->95711 95712 5b0355 CloseHandle 95710->95712 95713 5b017d 95711->95713 95714 5b0362 CloseHandle 95711->95714 95712->95711 95713->95524 95714->95713 95715->95686 95717 54aceb 23 API calls 95716->95717 95718 5d2af3 95717->95718 95719 5d2b1d 95718->95719 95720 5d2aff 95718->95720 95721 546b57 22 API calls 95719->95721 95722 547510 53 API calls 95720->95722 95723 5d2b1b 95721->95723 95724 5d2b0c 95722->95724 95723->95533 95724->95723 95726 54a8c7 22 API calls __fread_nolock 95724->95726 95726->95723 95728 
5adbdc GetFileAttributesW 95727->95728 95729 5adc06 95727->95729 95728->95729 95730 5adbe8 FindFirstFileW 95728->95730 95729->95541 95730->95729 95731 5adbf9 FindClose 95730->95731 95731->95729 95733 550206 95732->95733 95747 55027e 95732->95747 95734 595411 95733->95734 95735 550213 95733->95735 95818 5c7b7e 348 API calls 2 library calls 95734->95818 95742 595435 95735->95742 95745 55021d 95735->95745 95736 595405 95817 5b359c 82 API calls __wsopen_s 95736->95817 95738 595466 95743 595471 95738->95743 95744 595493 95738->95744 95739 54ec40 348 API calls 95739->95747 95742->95738 95746 59544d 95742->95746 95820 5c7b7e 348 API calls 2 library calls 95743->95820 95800 5c5689 95744->95800 95769 550230 ISource 95745->95769 95823 54a8c7 22 API calls __fread_nolock 95745->95823 95819 5b359c 82 API calls __wsopen_s 95746->95819 95747->95739 95751 550405 95747->95751 95753 5951b9 95747->95753 95768 5503f9 95747->95768 95775 550344 95747->95775 95779 5951ce ISource 95747->95779 95780 5503b2 ISource 95747->95780 95751->95403 95813 5b359c 82 API calls __wsopen_s 95753->95813 95754 59568a 95761 5956c0 95754->95761 95825 5c7771 67 API calls 95754->95825 95757 595332 95757->95769 95816 54a8c7 22 API calls __fread_nolock 95757->95816 95760 595532 95821 5b1119 22 API calls 95760->95821 95765 54aceb 23 API calls 95761->95765 95762 595668 95766 547510 53 API calls 95762->95766 95770 550273 ISource 95765->95770 95784 595670 _wcslen 95766->95784 95767 59569e 95772 547510 53 API calls 95767->95772 95768->95751 95812 5b359c 82 API calls __wsopen_s 95768->95812 95769->95754 95769->95770 95824 5c7632 54 API calls __wsopen_s 95769->95824 95770->95403 95771 5954b9 95807 5b0acc 95771->95807 95777 5956a6 _wcslen 95772->95777 95775->95768 95811 5504f0 22 API calls 95775->95811 95777->95761 95789 54aceb 23 API calls 95777->95789 95778 595544 95822 54a673 22 API calls 95778->95822 95779->95770 95779->95780 95814 5b359c 82 API calls __wsopen_s 95779->95814 95780->95736 95780->95757 95780->95769 

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 0054430D
  • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
• GetCurrentProcess.KERNEL32(?,005DCB64,00000000,?,?), ref: 00544422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00544429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00544454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00544466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00544474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0054447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 005444A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3290436268-3101561225
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 66c646560b8bf697fbe42f3dfec7b55b0a9f3f2f32961008162c3dcd49e02831
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 66f6781bc2c3107f17d19a93ad943566a23a15a4ee9abd0164f0b27d9b4a63cb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66c646560b8bf697fbe42f3dfec7b55b0a9f3f2f32961008162c3dcd49e02831
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BA1C67190A2E0CFCF11D7697C453D97FA67B27704B0CE89BD661AFA2AD2204608CB25

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 1977 5442a2-5442ba CreateStreamOnHGlobal 1978 5442bc-5442d3 FindResourceExW 1977->1978 1979 5442da-5442dd 1977->1979 1980 5835ba-5835c9 LoadResource 1978->1980 1981 5442d9 1978->1981 1980->1981 1982 5835cf-5835dd SizeofResource 1980->1982 1981->1979 1982->1981 1983 5835e3-5835ee LockResource 1982->1983 1983->1981 1984 5835f4-583612 1983->1984 1984->1981
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,005450AA,?,?,00000000,00000000), ref: 005442B2
                                                                                                                                                                                                                                                                                                                                                      • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,005450AA,?,?,00000000,00000000), ref: 005442C9
                                                                                                                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,005450AA,?,?,00000000,00000000,?,?,?,?,?,?,00544F20), ref: 005835BE
                                                                                                                                                                                                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000,?,?,005450AA,?,?,00000000,00000000,?,?,?,?,?,?,00544F20), ref: 005835D3
                                                                                                                                                                                                                                                                                                                                                      • LockResource.KERNEL32(005450AA,?,?,005450AA,?,?,00000000,00000000,?,?,?,?,?,?,00544F20,?), ref: 005835E6
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                      • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 06e3dc0d8e48b2379731a75cecc098a6bbc34e883e57613eb543b9b54f9d1480
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1a6d3e28194494370f3c04d9b4cd125ccf9ea59b1e35703517f7e87575e41c7a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06e3dc0d8e48b2379731a75cecc098a6bbc34e883e57613eb543b9b54f9d1480
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51117CB8241701BFEB218BA5DC48F677FB9FBD5B55F10816EB44296290DBB1D804DA20

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00542B6B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00543A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00611418,?,00542E7F,?,?,?,00000000), ref: 00543A78
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(runas,?,?,?,?,?,00602224), ref: 00582C10
                                                                                                                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,?,?,00602224), ref: 00582C17
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: runas
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 75060933b1bb077ac0ab6727725a5ff827d62e35f7ebcf75f1354d72806f9923
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2d0fdbad3ba1d781ce26f7a66d578a1c7716d211a1e4292e2b5a0862e09ba4ce
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75060933b1bb077ac0ab6727725a5ff827d62e35f7ebcf75f1354d72806f9923
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E811A2312483436AC714FF60D85A9EEBFA5BBE1759F48582EB142560B2CF218A49D712
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 005AD501
                                                                                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 005AD50F
                                                                                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 005AD52F
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 005AD5DC
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
APIs
• lstrlenW.KERNEL32(?,00585222), ref: 005ADBCE
• GetFileAttributesW.KERNEL32(?), ref: 005ADBDD
• FindFirstFileW.KERNEL32(?,?), ref: 005ADBEE
• FindClose.KERNEL32(00000000), ref: 005ADBFA
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
APIs
Strings
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
APIs
• GetCurrentProcess.KERNEL32(005728E9,?,00564CBE,005728E9,006088B8,0000000C,00564E15,005728E9,00000002,00000000,?,005728E9), ref: 00564D09
• TerminateProcess.KERNEL32(00000000,?,00564CBE,005728E9,006088B8,0000000C,00564E15,005728E9,00000002,00000000,?,005728E9), ref: 00564D10
• ExitProcess.KERNEL32 ref: 00564D22
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 0059D28C
Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                      • String ID: X64
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 89be33e66b2a48b114649e5e63acc7ad4aabe106a8b5fe6f44f25383c1e3dcc0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a4c186cebdc8fabc064d6800fcea1fa87dbb56b952be46e176e9b4803c9a47fe
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89be33e66b2a48b114649e5e63acc7ad4aabe106a8b5fe6f44f25383c1e3dcc0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15D0C9B580111DEACFA0CB90DC8CDDDBB7CBB14305F100552F506A2080D73495489F20
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: p#a
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3964851224-799840237
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2d571c58e08cfd3f12959d98dd212801f7fbebefb81c2f804023cdeb24c08aad
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1a1c746739a844175b0e7d45fa28252047247483ae25bfb2c0470d6615e4a10f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d571c58e08cfd3f12959d98dd212801f7fbebefb81c2f804023cdeb24c08aad
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4CA248706093019FDB54CF18C484B6ABFE1BFC9308F14996DE99A8B392D771E845CB92

Control-flow Graph (figure; legend: Executed, Not Executed)
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005CB198
                                                                                                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 005CB1B0
                                                                                                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 005CB1D4
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005CB200
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 005CB214
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 005CB236
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005CB332
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005B05A7: GetStdHandle.KERNEL32(000000F6), ref: 005B05C6
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005CB34B
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005CB366
                                                                                                                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 005CB3B6
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 005CB407
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 005CB439
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 005CB44A
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 005CB45C
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 005CB46E
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 005CB4E3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 24e58fdd35f7aea88b427774c75e7d187311a8c59c35f2bd331b57104e6c7d8d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d00893a6c6538fb9b944e3de0870f83d738a10c4e9803d8c70ba290ce76908c6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24e58fdd35f7aea88b427774c75e7d187311a8c59c35f2bd331b57104e6c7d8d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ADF19A315082419FDB24EF64C896B6EBFE5BF84314F14895DF8899B2A2DB31EC44CB52
APIs
• GetInputState.USER32 ref: 0054D807
• timeGetTime.WINMM ref: 0054DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0054DB28
• TranslateMessage.USER32(?), ref: 0054DB7B
• DispatchMessageW.USER32(?), ref: 0054DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0054DB9F
• Sleep.KERNEL32(0000000A), ref: 0054DBB1
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 0c880df39d02900e07e9b3acd41c804d4618630abdd884557e73ee5958ff4cf5
• Instruction ID: aee422f3f4a28d4b2dc69afaa11899845e2b479ae0dfcfa177b72104692ee75a
• Opcode Fuzzy Hash: 0c880df39d02900e07e9b3acd41c804d4618630abdd884557e73ee5958ff4cf5
• Instruction Fuzzy Hash: 6242A170604642EFDB24CF24C899BAABFF5FF85308F14895EE55587291D770E844CBA2

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00542D07
• RegisterClassExW.USER32(00000030), ref: 00542D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00542D42
• InitCommonControlsEx.COMCTL32(?), ref: 00542D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00542D6F
• LoadIconW.USER32(000000A9), ref: 00542D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00542D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: e91bb62baca84c8602e3a98b08e44d61e823fe4b296db21be973d7050e06b305
• Instruction ID: 4d58cfc6e9c1c7aeda977049b2094eb09669d7b3c840b57d671b474b17c3f419
• Opcode Fuzzy Hash: e91bb62baca84c8602e3a98b08e44d61e823fe4b296db21be973d7050e06b305
• Instruction Fuzzy Hash: DA21E3B5902209AFDB10DFA4E849BDDBFB9FB09701F04811BF621AA2A0D7B10544DF91

Control-flow Graph

APIs
  • Part of subcall function 0058039A: CreateFileW.KERNEL32(00000000,00000000,?,00580704,?,?,00000000,?,00580704,00000000,0000000C), ref: 005803B7
• GetLastError.KERNEL32 ref: 0058076F
• __dosmaperr.LIBCMT ref: 00580776
• GetFileType.KERNEL32(00000000), ref: 00580782
• GetLastError.KERNEL32 ref: 0058078C
• __dosmaperr.LIBCMT ref: 00580795
• CloseHandle.KERNEL32(00000000), ref: 005807B5
• CloseHandle.KERNEL32(?), ref: 005808FF
• GetLastError.KERNEL32 ref: 00580931
• __dosmaperr.LIBCMT ref: 00580938
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: a02fa8d95d93f706bd14784a61c16095eeb978658478dec0735b89aff4d135fb
• Instruction ID: b427b75e6f195fde5d20d44900d94cfa7bf74768f002a27c9a7e08686b65ceb7
• Opcode Fuzzy Hash: a02fa8d95d93f706bd14784a61c16095eeb978658478dec0735b89aff4d135fb
• Instruction Fuzzy Hash: 7AA12632A001098FDF19AF68DC56BAD3FA1FB46320F14515AFC15EB2D1DB31985ACB91

Control-flow Graph

APIs
  • Part of subcall function 00543A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00611418,?,00542E7F,?,?,?,00000000), ref: 00543A78
  • Part of subcall function 00543357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00543379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0054356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0058318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 005831CE
• RegCloseKey.ADVAPI32(?), ref: 00583210
• _wcslen.LIBCMT ref: 00583277
• _wcslen.LIBCMT ref: 00583286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: bb7c2f44d705e5410d3c59bbdcaefc6f467fe5c2e9c98e211333e6ba181f51d2
• Instruction ID: eb6b7caa47ff137116c203e96338258a2c6ea4f9e8931aec9ddc7fd83f485fe2
• Opcode Fuzzy Hash: bb7c2f44d705e5410d3c59bbdcaefc6f467fe5c2e9c98e211333e6ba181f51d2
• Instruction Fuzzy Hash: 59718A714043029EC714EF29D89A9EBBFE9FF84744F44982FF49593160EB309A58CB52

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00542B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00542B9D
• LoadIconW.USER32(00000063), ref: 00542BB3
• LoadIconW.USER32(000000A4), ref: 00542BC5
• LoadIconW.USER32(000000A2), ref: 00542BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00542BEF
• RegisterClassExW.USER32(?), ref: 00542C40
  • Part of subcall function 00542CD4: GetSysColorBrush.USER32(0000000F), ref: 00542D07
  • Part of subcall function 00542CD4: RegisterClassExW.USER32(00000030), ref: 00542D31
  • Part of subcall function 00542CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00542D42
  • Part of subcall function 00542CD4: InitCommonControlsEx.COMCTL32(?), ref: 00542D5F
  • Part of subcall function 00542CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00542D6F
  • Part of subcall function 00542CD4: LoadIconW.USER32(000000A9), ref: 00542D85
  • Part of subcall function 00542CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00542D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: ec70435e50318d05f183ea7b88d85b9589e075c82918915dc1bd26c3a5877e5e
• Instruction ID: 734a8a05d1b527eb5e388c22cc6fde8b27ec31a911976e2c23383a51ba4a6097
• Opcode Fuzzy Hash: ec70435e50318d05f183ea7b88d85b9589e075c82918915dc1bd26c3a5877e5e
• Instruction Fuzzy Hash: 8D214F70E01314ABDB109F96EC55AD97FB6FB49B50F08901BF610AA6A4D3B11A44DF90
APIs
• __Init_thread_footer.LIBCMT ref: 0054BB4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: p#a$p#a$p#a$p#a$p%a$p%a$x#a$x#a
• API String ID: 1385522511-3617822177
• Opcode ID: bea69fdc4c0e63d0560f379eac692ea4a42a2e51bc85d393c73953560f02a91d
• Instruction ID: 50019257f5a4ddd8de81d8a18ba9cd55bdb470f0f84c594a70427a464c262206
• Opcode Fuzzy Hash: bea69fdc4c0e63d0560f379eac692ea4a42a2e51bc85d393c73953560f02a91d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9329E35A0020A9FEF14CF54C894AFABFBAFF44318F18885AE915AB291C774ED41DB51

Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0054316A,?,?), ref: 005431D8
                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?,?,?,?,0054316A,?,?), ref: 00543204
                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00543227
                                                                                                                                                                                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0054316A,?,?), ref: 00543232
                                                                                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00543246
                                                                                                                                                                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00543267
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                                                                      • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 73056159672ef7ced61adf698349ff08f9166149592cfa6955a2a99a47b748d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 725f02d98a31f6ac9eaeb4b244474f576d599accd5e326c104ba7d5591be2a34
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73056159672ef7ced61adf698349ff08f9166149592cfa6955a2a99a47b748d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00412735204205ABDF242B38DC5DBFD3F1AF746308F08552BFA129A1B5C7B19A40D761
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: D%a$D%a$D%a$D%a$D%aD%a$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2778846170
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f7348b5528c5aa8a3ba70d2c8a170428b7619898dbd3007ba87b280236501988
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: eb0e80b761e6d3ee3af7efbfbd927027a4566eba2bea905b9bbd0bdfd1718c91
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7348b5528c5aa8a3ba70d2c8a170428b7619898dbd3007ba87b280236501988
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DEC2AC75A00205CFCB24CF58C896AEDBBB1FF48318F24856AE956AB391D371ED41CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 0054FE66
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                      • String ID: D%a$D%a$D%a$D%a$D%aD%a
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-4023349363
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f84296cb682b5b64f2233471009e888b5cdf9ac96c7a5b0120cbdc16d9ca28f0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f657b0f4ff081500c50b8f658ed0d91fa1377ce27fdb3028c2710999104834d8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f84296cb682b5b64f2233471009e888b5cdf9ac96c7a5b0120cbdc16d9ca28f0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81B27A74A08341CFDB24CF18C495AAABFE1BF89308F24496EE8859B351D771ED45CB92

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00541459
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.COMBASE ref: 005414F8
                                                                                                                                                                                                                                                                                                                                                      • UnregisterHotKey.USER32(?), ref: 005416DD
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 005824B9
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 0058251E
                                                                                                                                                                                                                                                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0058254B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: close all
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8d69f218c8d11e6866db52706714d4a0e19b21877630c3dd918130dc06444fae
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 599f53f5a49b1ed51a2a4f7c1cd9de68cb8f8b5d06db02d6e0b741ea4f2182a3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d69f218c8d11e6866db52706714d4a0e19b21877630c3dd918130dc06444fae
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48D18C307016138FCB29EF15C499AA9FFA4BF45704F1442AEE84A6B262DB30ED56CF54

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 1953 5ade27-5ade4a WSAStartup 1954 5ade50-5ade71 gethostname gethostbyname 1953->1954 1955 5adee6-5adef2 call 564983 1953->1955 1954->1955 1956 5ade73-5ade7a 1954->1956 1963 5adef3-5adef6 1955->1963 1958 5ade7c-5ade81 1956->1958 1959 5ade83-5ade85 1956->1959 1958->1958 1958->1959 1961 5ade96-5adedb call 560e20 inet_ntoa call 56d5f0 call 5aebd1 call 564983 call 55fe14 1959->1961 1962 5ade87-5ade94 call 564983 1959->1962 1969 5adede-5adee4 WSACleanup 1961->1969 1962->1969 1969->1963
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 598b5877bfba7c8d564179269df9718c743ba6751d8aeb6213fc27352421903f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 818c71d658f982572c765e8ca8b57869d32cfb647ee19400964628e49f6c34ed
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 598b5877bfba7c8d564179269df9718c743ba6751d8aeb6213fc27352421903f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2711D231904116AFCB34BB209C4AEEE7FBCFB62711F00016AF5569A091EF718A859A70

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 1987 542c63-542cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00542C91
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00542CB2
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00541CAD,?), ref: 00542CC6
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00541CAD,?), ref: 00542CCF
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399

Control-flow Graph (figure not preserved; graph starting at 543b1c, calls RegOpenKeyExW, RegQueryValueExW, RegCloseKey)
APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00543B0F,SwapMouseButtons,00000004,?), ref: 00543B40
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00543B0F,SwapMouseButtons,00000004,?), ref: 00543B61
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00543B0F,SwapMouseButtons,00000004,?), ref: 00543B83
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125

Control-flow Graph (figure not preserved; graph starting at 59d3a0, calls GetProcAddress, FreeLibrary)
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0059D3BF
• FreeLibrary.KERNEL32 ref: 0059D3E5
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 005833A2
  • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00543A04
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(?), ref: 00582C8C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00543AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00543A97,?,?,00542E7F,?,?,?,00000000), ref: 00543AC2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00542DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00542DC4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID: X$`e`
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 779396738-4244537060
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 066e1ed0d9693af29485f7795e02fe70d623488a8f2ec1f7eaef4f18d6bc86c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9431f676c3e7497c8df4a94f783edc0fa8a6e60759bf68d2b5400f2c4017acf1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 066e1ed0d9693af29485f7795e02fe70d623488a8f2ec1f7eaef4f18d6bc86c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81215171A002599BDB05AF94C849BEE7FFDAF89318F00805AF505B7281DBB45A498F61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00560668
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005632A4: RaiseException.KERNEL32(?,?,?,0056068A,?,00611444,?,?,?,?,?,?,0056068A,00541129,00608738,00541129), ref: 00563304
                                                                                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00560685
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                      • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dc9d002275af1c049c96e216a22851c64b9ae74af2ca1c6480e62e46769d75f2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e1852ee48f6c58bd47a4ec47ace3c22dcd413c342bb728b627cac55fadb2d591
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc9d002275af1c049c96e216a22851c64b9ae74af2ca1c6480e62e46769d75f2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93F0C23890020E77CF04BAA4DC5AC9F7F7D7E80310B604532B914975D1EF71DA69CA81
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00541BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00541BF4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00541BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00541BFC
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00541BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00541C07
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00541BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00541C12
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00541BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00541C1A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00541BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00541C22
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00541B4A: RegisterWindowMessageW.USER32(00000004,?,005412C4), ref: 00541BA2
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0054136A
                                                                                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32 ref: 00541388
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000), ref: 005824AB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a0d050a2f90a09cbec126fac31f05fa665280da123553d1a1f8a72126a764f23
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 00c8a5cd9f537961d54aadfc5e94a72e7ae10aaa009faf37375751ff31945888
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0d050a2f90a09cbec126fac31f05fa665280da123553d1a1f8a72126a764f23
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F671A8F49122068EC784EF7AA8596D53EE3BB8A74471CE22BD60ACF361EB304445CF44
APIs
  • Part of subcall function 00543923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00543A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 005AC259
• KillTimer.USER32(?,00000001,?,?), ref: 005AC261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 005AC270
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,005785CC,?,00608CC8,0000000C), ref: 00578704
• GetLastError.KERNEL32(?,005785CC,?,00608CC8,0000000C), ref: 0057870E
• __dosmaperr.LIBCMT ref: 00578739
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
APIs
• TranslateMessage.USER32(?), ref: 0054DB7B
• DispatchMessageW.USER32(?), ref: 0054DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0054DB9F
• Sleep.KERNEL32(0000000A), ref: 0054DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00591CC9
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
APIs
• __Init_thread_footer.LIBCMT ref: 005517F6
Strings
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 0059D375
Strings
Similarity
• API ID: ComputerName
• String ID: X64
• API String ID: 3545744682-893830106
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00543908
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• timeGetTime.WINMM ref: 0055F661
  • Part of subcall function 0054D730: GetInputState.USER32 ref: 0054D807
• Sleep.KERNEL32(00000000), ref: 0059F2DE
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00544E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00544EDD,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544E9C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00544E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00544EAE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00544E90: FreeLibrary.KERNEL32(00000000,?,?,00544EDD,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544EC0
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544EFD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00544E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00583CDE,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544E62
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00544E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00544E74
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00544E59: FreeLibrary.KERNEL32(00000000,?,?,00583CDE,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544E87
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00542B12,00611418,?,?,?,?,?,?,?,00541CAD,?), ref: 00541D11
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FullNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4019309064-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00611444,?,0055FDF5,?,?,0054A976,00000010,00611440,005413FC,?,005413C6,?,00541129), ref: 00573852
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: d6b82ac25f9b18887d85944793eedc96230d64c6292167ca9d8b360b065e1fa4
• Instruction ID: defe81f782f898059d376b0c79599c64bbacb4776c6360bab302c5e281816dbe
• Opcode Fuzzy Hash: d6b82ac25f9b18887d85944793eedc96230d64c6292167ca9d8b360b065e1fa4
• Instruction Fuzzy Hash: 75E0E53110322696D7312A67BC14F9A7F49BB827B0F058122BC1C97581CB31DD01B6E3
APIs
• FreeLibrary.KERNEL32(?,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544F6D
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 3f95a45ff9d88ebad95434ae80d17d7e407806a6b17b8afd0b79187c2b04a3c2
• Instruction ID: 72a640fd6a226c295b6d41e53b0b9e2ce7761ecd1de24c1356febbd2b3540d0d
• Opcode Fuzzy Hash: 3f95a45ff9d88ebad95434ae80d17d7e407806a6b17b8afd0b79187c2b04a3c2
• Instruction Fuzzy Hash: 06F01C71145752EFDB349F64D494952BFE4BF14319310896EE1EA83621C7319848DF10
APIs
• IsWindow.USER32(00000000), ref: 005D2A66
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: 9da294c6d5b5347e8f6e6684f1931441a4689ef692febcb807ebead9705d4f80
• Instruction ID: 7ba3fff5a0082e15649da21f2ab31f8a889fe450dc608f287ac2054af7b07394
• Opcode Fuzzy Hash: 9da294c6d5b5347e8f6e6684f1931441a4689ef692febcb807ebead9705d4f80
• Instruction Fuzzy Hash: 4FE01A36250116AAC764AA34D8848FEAB5CFBA5395B104937A816C2210EA609995D6A0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 0054314E
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 612a1f4bfe5f618cf610e5bc10efe032f48bed63192a73bde77dff0ffb3339ac
• Instruction ID: 0f6a6988ae5553bd91b5cd6ed5746f398fa2788df149df60b9dd6b15f7b53e73
• Opcode Fuzzy Hash: 612a1f4bfe5f618cf610e5bc10efe032f48bed63192a73bde77dff0ffb3339ac
• Instruction Fuzzy Hash: A1F0A7709003589FEB529B24DC497D97BBCB70170CF0401E6A24897295D7704788CF41
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00542DC4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00543837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00543908
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0054D730: GetInputState.USER32 ref: 0054D807
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00542B6B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005430F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0054314E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 005ADF40
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderPath_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2987691875-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,00000000,?,00580704,?,?,00000000,?,00580704,00000000,0000000C), ref: 005803B7
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 823142352-0
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00541CBC
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
APIs
  • Part of subcall function 00559BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00559BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 005D961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 005D965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 005D969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005D96C9
• SendMessageW.USER32 ref: 005D96F2
• GetKeyState.USER32(00000011), ref: 005D978B
• GetKeyState.USER32(00000009), ref: 005D9798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 005D97AE
• GetKeyState.USER32(00000010), ref: 005D97B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005D97E9
• SendMessageW.USER32 ref: 005D9810
• SendMessageW.USER32(?,00001030,?,005D7E95), ref: 005D9918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 005D992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 005D9941
• SetCapture.USER32(?), ref: 005D994A
• ClientToScreen.USER32(?,?), ref: 005D99AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 005D99BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005D99D6
• ReleaseCapture.USER32 ref: 005D99E1
• GetCursorPos.USER32(?), ref: 005D9A19
• ScreenToClient.USER32(?,?), ref: 005D9A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 005D9A80
• SendMessageW.USER32 ref: 005D9AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 005D9AEB
• SendMessageW.USER32 ref: 005D9B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 005D9B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 005D9B4A
• GetCursorPos.USER32(?), ref: 005D9B68
• ScreenToClient.USER32(?,?), ref: 005D9B75
• GetParent.USER32(?), ref: 005D9B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 005D9BFA
• SendMessageW.USER32 ref: 005D9C2B
• ClientToScreen.USER32(?,?), ref: 005D9C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 005D9CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 005D9CDE
• SendMessageW.USER32 ref: 005D9D01
• ClientToScreen.USER32(?,?), ref: 005D9D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 005D9D82
  • Part of subcall function 00559944: GetWindowLongW.USER32(?,000000EB), ref: 00559952
• GetWindowLongW.USER32(?,000000F0), ref: 005D9E05
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
• String ID: @GUI_DRAGID$F$p#a
• API String ID: 3429851547-3518813251
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 005D48F3
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 005D4908
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 005D4927
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 005D494B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 005D495C
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 005D497B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 005D49AE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 005D49D4
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 005D4A0F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 005D4A56
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 005D4A7E
                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 005D4A97
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 005D4AF2
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 005D4B20
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D4B94
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 005D4BE3
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 005D4C82
                                                                                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 005D4CAE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 005D4CC9
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,00000001), ref: 005D4CF1
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 005D4D13
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 005D4D33
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,00000001), ref: 005D4D5A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                      • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2f1b740241218df6a7988c33ba946603395145c8e55b0a89dbbc28134ee38164
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ccd8d28feda5bf24d07c785689808bde1f40959bc12544da3ebd48c7c499deaf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f1b740241218df6a7988c33ba946603395145c8e55b0a89dbbc28134ee38164
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2912CC71600216ABEB349F28CC49FAE7FA8FF85710F10452BF916EA2A1DB749945CF50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0055F998
                                                                                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0059F474
                                                                                                                                                                                                                                                                                                                                                      • IsIconic.USER32(00000000), ref: 0059F47D
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000009), ref: 0059F48A
                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 0059F494
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0059F4AA
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0059F4B1
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0059F4BD
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 0059F4CE
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 0059F4D6
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0059F4DE
                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 0059F4E1
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0059F4F6
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 0059F501
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0059F50B
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 0059F510
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0059F519
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 0059F51E
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0059F528
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 0059F52D
                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 0059F530
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0059F557
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a67a88fa78578f757d305813d16236f15a1fc1865a46392d317369167197d9c7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 19b5cffb573349cedc3d66ead7ed61a5f3639e5a1ea73b425a37b82c8d1448c6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a67a88fa78578f757d305813d16236f15a1fc1865a46392d317369167197d9c7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67312D71A41219BAEF306BA55C4AFBF7F6CEB44B50F110467FA05E61D1C6B19900EBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 005A170D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 005A173A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A16C3: GetLastError.KERNEL32 ref: 005A174A
                                                                                                                                                                                                                                                                                                                                                      • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 005A1286
                                                                                                                                                                                                                                                                                                                                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 005A12A8
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 005A12B9
                                                                                                                                                                                                                                                                                                                                                      • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 005A12D1
                                                                                                                                                                                                                                                                                                                                                      • GetProcessWindowStation.USER32 ref: 005A12EA
                                                                                                                                                                                                                                                                                                                                                      • SetProcessWindowStation.USER32(00000000), ref: 005A12F4
                                                                                                                                                                                                                                                                                                                                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 005A1310
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,005A11FC), ref: 005A10D4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A10BF: CloseHandle.KERNEL32(?,?,005A11FC), ref: 005A10E9
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                      • String ID: $default$winsta0$Z`
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 22674027-3195565764
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b9e9876f4fe643735dcaacb6a430385efb82731b5f2d8d510950b6b06f0151c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c742443702ab4726f05b1a689d526e43077eaca7427fd5a84c98e5efc23c462b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9e9876f4fe643735dcaacb6a430385efb82731b5f2d8d510950b6b06f0151c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3819C7190060AAFDF219FA8DC49FEE7FB9FF09704F14412AFA11A61A0D7318948DB24
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 005A1114
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,005A0B9B,?,?,?), ref: 005A1120
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,005A0B9B,?,?,?), ref: 005A112F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,005A0B9B,?,?,?), ref: 005A1136
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 005A114D
                                                                                                                                                                                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 005A0BCC
                                                                                                                                                                                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 005A0C00
                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 005A0C17
                                                                                                                                                                                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 005A0C51
                                                                                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 005A0C6D
                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 005A0C84
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 005A0C8C
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 005A0C93
                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 005A0CB4
                                                                                                                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 005A0CBB
                                                                                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 005A0CEA
                                                                                                                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 005A0D0C
                                                                                                                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 005A0D1E
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 005A0D45
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 005A0D4C
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 005A0D55
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 005A0D5C
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 005A0D65
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 005A0D6C
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 005A0D78
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 005A0D7F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A1193: GetProcessHeap.KERNEL32(00000008,005A0BB1,?,00000000,?,005A0BB1,?), ref: 005A11A1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,005A0BB1,?), ref: 005A11A8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,005A0BB1,?), ref: 005A11B7
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f97cdc7f11abb77eb7aeb83d0b5b78307bc5d71558d00687a100959619edcaa0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f4282bfbf67efa0e389e1a6a6d17cf6f23b8f76c0b661a63446afbf4a1961a91
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f97cdc7f11abb77eb7aeb83d0b5b78307bc5d71558d00687a100959619edcaa0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26716C7290121AEBDF20DFE4DC48BAEBFB8BF15310F044616E915A7291D771A909CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • OpenClipboard.USER32(005DCC08), ref: 005BEB29
                                                                                                                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 005BEB37
                                                                                                                                                                                                                                                                                                                                                      • GetClipboardData.USER32(0000000D), ref: 005BEB43
                                                                                                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 005BEB4F
                                                                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 005BEB87
                                                                                                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 005BEB91
                                                                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 005BEBBC
                                                                                                                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 005BEBC9
                                                                                                                                                                                                                                                                                                                                                      • GetClipboardData.USER32(00000001), ref: 005BEBD1
                                                                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 005BEBE2
                                                                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 005BEC22
                                                                                                                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000F), ref: 005BEC38
                                                                                                                                                                                                                                                                                                                                                      • GetClipboardData.USER32(0000000F), ref: 005BEC44
                                                                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 005BEC55
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 005BEC77
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 005BEC94
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 005BECD2
                                                                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 005BECF3
                                                                                                                                                                                                                                                                                                                                                      • CountClipboardFormats.USER32 ref: 005BED14
                                                                                                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 005BED59
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ea233e7d9671f6874acb1b5bb8f006582bae9b3b2e68f71bb030b1998d4645ce
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fba7efea78eec0d704bf540e9f4093a576973051f9f718f5ad4feda46932f137
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ea233e7d9671f6874acb1b5bb8f006582bae9b3b2e68f71bb030b1998d4645ce
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE61C2352042029FD310EF24D88AFEA7FA4BF95714F18451EF456972A2CB71ED09DB62
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 005B69BE
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005B6A12
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 005B6A4E
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 005B6A75
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 005B6AB2
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 005B6ADF
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 83e6a4a8e5705657ff822866b06d8d9a741350818607d35f5e37cc352f075323
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c438a56edb57c264c924ae0ad2a095c72eb95d70ebd8b828bd1c1d6f5d3b48c8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83e6a4a8e5705657ff822866b06d8d9a741350818607d35f5e37cc352f075323
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87D14071508301AEC714EBA4C89AEEFBBECBFC8704F444919F585D6191EB34DA48CB62
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 005B9663
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 005B96A1
                                                                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 005B96BB
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 005B96D3
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005B96DE
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 005B96FA
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 005B974A
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00606B7C), ref: 005B9768
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 005B9772
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005B977F
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005B978F
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 21c3bb90964c1dfbaa994a5e2bc11cf00ceb383cfb1df85c21a9f8a91994b2c6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3e68949527c61de7d94c13f846137840d96e3ffdaf286dbebe5d7bc6735900ca
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21c3bb90964c1dfbaa994a5e2bc11cf00ceb383cfb1df85c21a9f8a91994b2c6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F431B07654121A6ADB24AFB4DC49ADE7FACFF4A320F104157FA15E21A0EB30ED84DA50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 005B97BE
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 005B9819
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005B9824
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 005B9840
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 005B9890
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00606B7C), ref: 005B98AE
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 005B98B8
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005B98C5
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005B98D5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005ADAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 005ADB00
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 256236958fde0f3f6b843a1a8dc42f8139e707d8c829b3790814ee222ec723fc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1ccda09727d0314630ac36e18caa2f2b361373e4835129c83639743096f14e80
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 256236958fde0f3f6b843a1a8dc42f8139e707d8c829b3790814ee222ec723fc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF31E33154121A6ADF20AFB4DC48ADE7FBCBF46320F104156FA54A21E0DB31ED89DB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00543AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00543A97,?,?,00542E7F,?,?,?,00000000), ref: 00543AC2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005AE199: GetFileAttributesW.KERNEL32(?,005ACF95), ref: 005AE19A
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 005AD122
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 005AD1DD
                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 005AD1F0
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 005AD20D
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 005AD237
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005AD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,005AD21C,?,?), ref: 005AD2B2
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000,?,?,?), ref: 005AD253
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005AD264
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 2592b7ea8805be2d5a260c67aa2d424135e16ff610cf7516e8b7a5c27f884842
• Instruction ID: 946af1ecf38dd4b88f4c87630e5cb47894e08877e5bfd7914e79ada777df4443
• Opcode Fuzzy Hash: 2592b7ea8805be2d5a260c67aa2d424135e16ff610cf7516e8b7a5c27f884842
• Instruction Fuzzy Hash: 32616D3580110E9ACF15FBE0C996AEDBFB5BF96304F204165E402771A2EB315F09DB60
APIs
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 4f92a22ca4a12e01f142cd0a59c3a496c886033db9ff0cc1c4167d5832ba0b89
• Instruction ID: a08a5b1591fcd8d714948e68aa466e8cd518130bfdbc8796cd501bc375a0344a
• Opcode Fuzzy Hash: 4f92a22ca4a12e01f142cd0a59c3a496c886033db9ff0cc1c4167d5832ba0b89
• Instruction Fuzzy Hash: B441AB35205612AFE720CF19D88AB99BFA9FF44318F18C49AE4158B762C775FC45CB90
APIs
  • Part of subcall function 005A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 005A170D
  • Part of subcall function 005A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 005A173A
  • Part of subcall function 005A16C3: GetLastError.KERNEL32 ref: 005A174A
• ExitWindowsEx.USER32(?,00000000), ref: 005AE932
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 5ec8e3a15462aed3bb684104b126439f8abec6c67bb554e8d333b48ba338300a
• Instruction ID: f0d7683d52ae2b1b3250d3efbedaef0c0d72a2d310e6790770aeeb643bf85fc9
• Opcode Fuzzy Hash: 5ec8e3a15462aed3bb684104b126439f8abec6c67bb554e8d333b48ba338300a
• Instruction Fuzzy Hash: 8C01D672610312AFEB6466B49C8BBBF7A5CBB16750F154922F803E21D1D5A05C4491A4
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 005C1276
• WSAGetLastError.WSOCK32 ref: 005C1283
• bind.WSOCK32(00000000,?,00000010), ref: 005C12BA
• WSAGetLastError.WSOCK32 ref: 005C12C5
• closesocket.WSOCK32(00000000), ref: 005C12F4
• listen.WSOCK32(00000000,00000005), ref: 005C1303
• WSAGetLastError.WSOCK32 ref: 005C130D
• closesocket.WSOCK32(00000000), ref: 005C133C
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 49d5f6f604f942e3e1c5db293daad390baecb57ee00365722ab131480a93efdd
• Instruction ID: e59ac5e773cdc14bad21b52a3f15416e02fe81dd2322372b7ce445a97532b27a
• Opcode Fuzzy Hash: 49d5f6f604f942e3e1c5db293daad390baecb57ee00365722ab131480a93efdd
• Instruction Fuzzy Hash: FF416A39A005419FD720DF64C488F69BFE6BB86318F18858DE8568F293C771EC85CBA0
APIs
• _free.LIBCMT ref: 0057B9D4
• _free.LIBCMT ref: 0057B9F8
• _free.LIBCMT ref: 0057BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,005E3700), ref: 0057BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0061121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0057BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00611270,000000FF,?,0000003F,00000000,?), ref: 0057BC36
• _free.LIBCMT ref: 0057BD4B
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 314583886-0
APIs
  • Part of subcall function 00543AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00543A97,?,?,00542E7F,?,?,?,00000000), ref: 00543AC2
  • Part of subcall function 005AE199: GetFileAttributesW.KERNEL32(?,005ACF95), ref: 005AE19A
• FindFirstFileW.KERNEL32(?,?), ref: 005AD420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 005AD470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 005AD481
• FindClose.KERNEL32(00000000), ref: 005AD498
• FindClose.KERNEL32(00000000), ref: 005AD4A1
Strings
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
APIs
Strings
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
APIs
• _wcslen.LIBCMT ref: 005B64DC
• CoInitialize.OLE32(00000000), ref: 005B6639
• CoCreateInstance.OLE32(005DFCF8,00000000,00000001,005DFB68,?), ref: 005B6650
• CoUninitialize.OLE32 ref: 005B68D4
Strings
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 005C22E8
  • Part of subcall function 005BE4EC: GetWindowRect.USER32(?,?), ref: 005BE504
• GetDesktopWindow.USER32 ref: 005C2312
• GetWindowRect.USER32(00000000), ref: 005C2319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 005C2355
• GetCursorPos.USER32(?), ref: 005C2381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 005C23DF
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
APIs
  • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 005B9B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 005B9C8B
  • Part of subcall function 005B3874: GetInputState.USER32 ref: 005B38CB
  • Part of subcall function 005B3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 005B3966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 005B9BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 005B9C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
APIs
  • Part of subcall function 00559BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00559BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00559A4E
• GetSysColor.USER32(0000000F), ref: 00559B23
• SetBkColor.GDI32(?,00000000), ref: 00559B36
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
APIs
  • Part of subcall function 005C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 005C307A
  • Part of subcall function 005C304E: _wcslen.LIBCMT ref: 005C309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 005C185D
• WSAGetLastError.WSOCK32 ref: 005C1884
• bind.WSOCK32(00000000,?,00000010), ref: 005C18DB
• WSAGetLastError.WSOCK32 ref: 005C18E6
• closesocket.WSOCK32(00000000), ref: 005C1915
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 591c0da0fe1b829cc75ef763a61ec683f5a04433f5dcf1b52c7a0077a2275717
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cfb0e607d85a98bdfa59c4775e2f233461c628a096eaa8dcd7fc7228e1272345
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 591c0da0fe1b829cc75ef763a61ec683f5a04433f5dcf1b52c7a0077a2275717
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0951B071A00211AFDB10AF64C88AF6ABBA5BB85718F04849DF9065F3C3D771AD41CBA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e258bf1949f471a4933a02b9c638599d62aaa8402f4f72ec460fed95389bb0f1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 84418727d7dcfa3f08682dee5a7a56b4d6d35599d9c5a088b80aea3c6a7781f1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e258bf1949f471a4933a02b9c638599d62aaa8402f4f72ec460fed95389bb0f1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0321A031751A01AFD7308F2EC844B6A7FA5FF95315B18806BE8468B361DB71EC46CB98
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 08d1bb95c867db158a05c5eff3687bf957aa1020df57409397f656afb8c772f4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 06a40bdb35c6114d6e2fc4715c021768cb84f95d5404411de993192ba7cb4a4a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08d1bb95c867db158a05c5eff3687bf957aa1020df57409397f656afb8c772f4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 89A25D74A0061ACBDF24DF58C8447FEBBB1BB54318F2485AAEC15A7285EB749D81CF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 005A82AA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ($tb`$|
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1659193697-2163376563
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ad7614226d943b72b83cc923032e97fb58fdeefea5e22061780ae8992ab0d059
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e229bee437f6c35bbd529e46203e7930b5a703bcdb97be720933d7b1f1effc29
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad7614226d943b72b83cc923032e97fb58fdeefea5e22061780ae8992ab0d059
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35322675A007059FCB28CF59C481A6ABBF0FF48710B15C96EE59ADB3A1EB70E941CB40
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 005AAAAC
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080), ref: 005AAAC8
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 005AAB36
                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 005AAB88
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000400,?), ref: 005BCE89
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 005BCEEA
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000), ref: 005BCEFE
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 005B5CC1
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 005B5D17
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 005B5D5F
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 0057271A
                                                                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00572724
                                                                                                                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 00572731
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 005B51DA
                                                                                                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 005B5238
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 005B52A1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00560668
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00560685
                                                                                                                                                                                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 005A170D
                                                                                                                                                                                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 005A173A
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 005A174A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 005AD608
                                                                                                                                                                                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 005AD645
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 005AD650
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 005A168C
                                                                                                                                                                                                                                                                                                                                                      • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 005A16A1
                                                                                                                                                                                                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 005A16B1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 383418d413f99c94e327e749c0fa5a88dcfd9eafdb0982db40f33366f4ec6bcb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d7ed9728c1781e7a39319c2669bd94f50edf18221c4b38fa5144cd804de6fc1f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 383418d413f99c94e327e749c0fa5a88dcfd9eafdb0982db40f33366f4ec6bcb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12F0F471951309FBDF00DFE49D89AAEBBBCFB08604F504566E501E2181E774AA489A54
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: /
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c43b50eecadbb5c47706fc2cefa7daacb27fd6c8fd6608597671700149fa2ca7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 39146afcbeaec01bad235c59c372a2cd70323092d54c314e2a1342d09311d77b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c43b50eecadbb5c47706fc2cefa7daacb27fd6c8fd6608597671700149fa2ca7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4412676500219AFCB209FB9EC4CDAB7FB8FB84314F10866DF909D7180E6709D419B50
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 57a4378cb796f73d6b08a1558dea4023e753f2274ab3bcd9036018681fb6b210
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C020A71E012199BDF14CFA9C8806ADFFB5FF88314F25816AD859EB381D731AE418B94
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: Variable is not of type 'Object'.$p#a
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1801905891
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: eb46a0a16e6326f6729da998fe670a0b404dcefb094a2ad57b914bfbfc96bc58
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cea04fba780904a819a4b8044520d0b201ca931b69eebf17cba872c7ae71c62b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb46a0a16e6326f6729da998fe670a0b404dcefb094a2ad57b914bfbfc96bc58
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7132AE70901219EFCF54DF90C895AEDBFB9FF85308F144469E806AB292D735AE49CB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 005B6918
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005B6961
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 347cf22d8d249d5e918b1dac2c8e604fe524a5687b624a9d8e6d1232246dc211
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4a285d56e1af8b7dcda31d2d6c9be079570d61b28efad8e383e607e570921d3d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 347cf22d8d249d5e918b1dac2c8e604fe524a5687b624a9d8e6d1232246dc211
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD1190356042119FD710DF29D488A56BFE5FF89328F14C69AE8698F3A2C734EC45CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,005C4891,?,?,00000035,?), ref: 005B37E4
                                                                                                                                                                                                                                                                                                                                                      • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,005C4891,?,?,00000035,?), ref: 005B37F4
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f4a34be6f820e23081e84c7f124edf58af6edbdd98b62579ab7c7cce6bba821a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 63f87782fcaf724d7cc9d3a6cda7ea06dc3c7260e17479583f7a4432708a4633
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4a34be6f820e23081e84c7f124edf58af6edbdd98b62579ab7c7cce6bba821a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3F0EC706052256AD72057655C4DFDB3F5DFFC4761F000176F509E2181D9605D08C7B0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 005AB25D
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(?,7694C0D0,?,00000000), ref: 005AB270
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5f9583c1cc4b6e025b7561e6aa270e71c6590ae4c278ddd7aeb486b34d1c1a6d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ee0a06ab10585b57295689e2c952908470a769899b652fc4dfc102eaf2a0d8ea
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f9583c1cc4b6e025b7561e6aa270e71c6590ae4c278ddd7aeb486b34d1c1a6d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45F01D7580424EABEB159FA0C805BAE7FB4FF05305F00844AF955A5192C3798615DF94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,005A11FC), ref: 005A10D4
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,005A11FC), ref: 005A10E9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d883b26f995986ad13878c24c74009c398fe02d6b54201a6a8872b369f27d2fd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ca5f5ea15ee5ffecd615711b74a25ceb976c9c716e7b49682d09c6efae53f42e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d883b26f995986ad13878c24c74009c398fe02d6b54201a6a8872b369f27d2fd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3E04F32004601AFE7252B11FC0AE777FA9FB04311F10882FF8A5804B1DB626C94EB14
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00576766,?,?,00000008,?,?,0057FEFE,00000000), ref: 00576998
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 3c1f76b3e63d68373698044b56f8580a29a0d55772cdb597d7f46193ca94f663
• Instruction ID: 752a9ef12a139e39be5c96c581cfd2793af3a5bc37599428756846c8d17a1ab8
• Opcode Fuzzy Hash: 3c1f76b3e63d68373698044b56f8580a29a0d55772cdb597d7f46193ca94f663
• Instruction Fuzzy Hash: E3B13531610A09DFD719CF28D48AB657FE0FB45364F29C698E899CF2A2C335E985DB40
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: 81ec1f5c5e2e8b48372d9f5f77e8d6a00a8f20680eadf17ed7154554fb210d01
• Instruction ID: 79fe4ac308bd01e2ada5b473706469974f9a01a496bfa9f5fdb38ffd6cd42e4f
• Opcode Fuzzy Hash: 81ec1f5c5e2e8b48372d9f5f77e8d6a00a8f20680eadf17ed7154554fb210d01
• Instruction Fuzzy Hash: 66126D71900229DFDF24CF58C894AFEBBB5FF48310F14859AE849EB251DB309A85CB90
APIs
• BlockInput.USER32(00000001), ref: 005BEABD
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: a741586edc9eb2ee4f09842d41eba4e85845b2d06d5a150b05c832a33ff18dda
• Instruction ID: 909da72f46365cbbce93fe30119db01fd2bb105c35494bbcc17e15289e88383d
• Opcode Fuzzy Hash: a741586edc9eb2ee4f09842d41eba4e85845b2d06d5a150b05c832a33ff18dda
• Instruction Fuzzy Hash: 7FE0E531200205AFD710EB69D809ADABBEDBB98764F048416FC49C7291DA70E8448B90
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,005603EE), ref: 005609DA
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 6476638bdb8c4f05b45303fbdcb6ef27cc93afea669c2a7d209ceeb14b3a364d
• Instruction ID: 4f8bd9e305aacdb935590409c432cf036a79b85b8723e0a61353f68fde313eda
• Opcode Fuzzy Hash: 6476638bdb8c4f05b45303fbdcb6ef27cc93afea669c2a7d209ceeb14b3a364d
• Instruction Fuzzy Hash:
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction ID: 3e3788561f2d5ecbf988124a0907695ce07f9b73dd1818d2ec727189ece5e0cb
• Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction Fuzzy Hash: 2851577160C70E5BDB388578885D7BE6FD5BB5E34CF180A09D882D7382CA15EE41D356
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0&a
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-574746216
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dd17779ae0202697797c10a8a4f449bafda6665526bc660813f1ba9e7fd017e8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2c764348218bb28f4513b79bd8fc07d7f9c4840eb472a1d10c502a5ba9f81aab
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd17779ae0202697797c10a8a4f449bafda6665526bc660813f1ba9e7fd017e8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3921E7322206158BDB28CF79C8276BE77E5B754310F188A2EE4A7C33D0DE35A904CB90
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0c29f3f7fd15be22e862f57f3c8cf2d5480908f6d671d193211d0e91bf730351
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 57abc3954a167d370d41d8551e0def91a1c19df4e95e54b078323885208c5ba8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c29f3f7fd15be22e862f57f3c8cf2d5480908f6d671d193211d0e91bf730351
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58324721D28F454DD7279634EC623356A8DBFBB3C5F15C737E81AB59AAEB28C4836100
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ea469424d2c4fe80130cc9f25a1fccda6462271566afbf07861751e34a325486
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9b135ca1c57973f1e579d7ed3ca2fac7f1adbdcb0f0ee74df12298a3ba1e74b0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ea469424d2c4fe80130cc9f25a1fccda6462271566afbf07861751e34a325486
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3321332A002558FDF28CF29C4A46BD7FA2FB45305F28856BD86A9B792D334DD85DB40
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 522b3f05a9630ead047430b0c778e595b602a80f566393dcd55c0e74734c61d2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 29f02e5dc4522ee8c630d7e40b2fb727dadb9b11bb02748611fee9586e64edc4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 522b3f05a9630ead047430b0c778e595b602a80f566393dcd55c0e74734c61d2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1422AFB0A0460ADFDF14DF65C885AEEBBB6FF48304F144529E816A7291FB36AD14CB50
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
APIs
• DeleteObject.GDI32(00000000), ref: 005C2B30
• DeleteObject.GDI32(00000000), ref: 005C2B43
• DestroyWindow.USER32 ref: 005C2B52
• GetDesktopWindow.USER32 ref: 005C2B6D
• GetWindowRect.USER32(00000000), ref: 005C2B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 005C2CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 005C2CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 005C2CF8
• GetClientRect.USER32(00000000,?), ref: 005C2D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 005C2D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 005C2D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 005C2D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 005C2D80
• GlobalLock.KERNEL32(00000000), ref: 005C2D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 005C2D98
• GlobalUnlock.KERNEL32(00000000), ref: 005C2DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 005C2DA8
• GlobalFree.KERNEL32(00000000), ref: 005C2DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 005C2DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,005DFC38,00000000), ref: 005C2DDB
• GlobalFree.KERNEL32(00000000), ref: 005C2DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 005C2E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 005C2E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 005C2E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 005C303F
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1220674037e08303856527bbbdbff4e914d34cdca4741b62b801d42f91acca4f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b41a2c8e96db2e07899cbe2841e07523fdae7713f26ac4525a95c602e6b4d24f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1220674037e08303856527bbbdbff4e914d34cdca4741b62b801d42f91acca4f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD028D7190021AAFDB14DFA4CC89EAE7FB9FB49314F04851AF915AB2A1D730ED04DB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 005D712F
                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 005D7160
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 005D716C
                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,000000FF), ref: 005D7186
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 005D7195
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 005D71C0
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000010), ref: 005D71C8
                                                                                                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00000000), ref: 005D71CF
                                                                                                                                                                                                                                                                                                                                                      • FrameRect.USER32(?,?,00000000), ref: 005D71DE
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 005D71E5
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 005D7230
                                                                                                                                                                                                                                                                                                                                                      • FillRect.USER32(?,?,?), ref: 005D7262
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D7284
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: GetSysColor.USER32(00000012), ref: 005D7421
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: SetTextColor.GDI32(?,?), ref: 005D7425
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: GetSysColorBrush.USER32(0000000F), ref: 005D743B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: GetSysColor.USER32(0000000F), ref: 005D7446
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: GetSysColor.USER32(00000011), ref: 005D7463
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 005D7471
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: SelectObject.GDI32(?,00000000), ref: 005D7482
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: SetBkColor.GDI32(?,00000000), ref: 005D748B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: SelectObject.GDI32(?,?), ref: 005D7498
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 005D74B7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005D74CE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 005D74DB
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c999a274e1cc263c9ab7b6813fc467d3b3e0d2877ee12cf1a3ef1ca26ba90787
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ae6eb41f2e491d9d03aca58235420094a2e4e861af9868a94ce459628e3b2804
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c999a274e1cc263c9ab7b6813fc467d3b3e0d2877ee12cf1a3ef1ca26ba90787
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BCA1A272009316AFDB209F64DC48E5BBFA9FB59321F100B1BF962961E1E730E948DB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 005C273E
                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 005C286A
                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 005C28A9
                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 005C28B9
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 005C2900
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 005C290C
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 005C2955
                                                                                                                                                                                                                                                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 005C2964
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 005C2974
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 005C2978
                                                                                                                                                                                                                                                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 005C2988
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 005C2991
                                                                                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 005C299A
                                                                                                                                                                                                                                                                                                                                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 005C29C6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 005C29DD
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 005C2A1D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 005C2A31
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 005C2A42
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 005C2A77
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 005C2A82
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 005C2A8D
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 005C2A97
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 79b52a3c38f8805527b7d2761be5fda4993c4a440fa97505de7ea03e7703a287
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 96fd05a6ad414bd5207f3528abd8662bc70e4a1522f0fbd0d3205be6a5d59da3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79b52a3c38f8805527b7d2761be5fda4993c4a440fa97505de7ea03e7703a287
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9CB15071A40216AFEB14DFA8CC49FAE7BA9FB49714F00851AFA15EB290D774ED40CB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 005B4AED
                                                                                                                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,005DCB68,?,\\.\,005DCC08), ref: 005B4BCA
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,005DCB68,?,\\.\,005DCC08), ref: 005B4D36
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4450c403437fd19b56b7147be8e275dd78da5e965d941ddb39c3c072912e1669
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2a722ff44ca7bc6ed14d5c9c28aa3a7c4919ae262b138d70b7b705f6c1401508
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4450c403437fd19b56b7147be8e275dd78da5e965d941ddb39c3c072912e1669
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA619F306855069BCB28DF24C9869FE7FA1BF44B04B204816F806AB6D3DB21FD55DF51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 005D7421
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 005D7425
                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 005D743B
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 005D7446
                                                                                                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(?), ref: 005D744B
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 005D7463
                                                                                                                                                                                                                                                                                                                                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 005D7471
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 005D7482
                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 005D748B
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 005D7498
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 005D74B7
                                                                                                                                                                                                                                                                                                                                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005D74CE
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 005D74DB
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 005D752A
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 005D7554
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 005D7572
                                                                                                                                                                                                                                                                                                                                                      • DrawFocusRect.USER32(?,?), ref: 005D757D
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 005D758E
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 005D7596
                                                                                                                                                                                                                                                                                                                                                      • DrawTextW.USER32(?,005D70F5,000000FF,?,00000000), ref: 005D75A8
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 005D75BF
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 005D75CA
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 005D75D0
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 005D75D5
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 005D75DB
                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 005D75E5
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fcfefb4bed14a08cc4d59afdeb7b655366dfbb162997f6be3ecf85dac0627220
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fd9e606536813ae1dd31b486cb44e78ed545fa90ab6dc65fca3eb2f3b4d369a3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fcfefb4bed14a08cc4d59afdeb7b655366dfbb162997f6be3ecf85dac0627220
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D616172901219AFDF219FA8DC49EEEBF79FB08320F104117F915AB2A1D7709940DB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 005D1128
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 005D113D
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 005D1144
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D1199
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 005D11B9
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 005D11ED
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 005D120B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 005D121D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,?), ref: 005D1232
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 005D1245
                                                                                                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(00000000), ref: 005D12A1
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 005D12BC
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 005D12D0
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 005D12E8
                                                                                                                                                                                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 005D130E
                                                                                                                                                                                                                                                                                                                                                      • GetMonitorInfoW.USER32(00000000,?), ref: 005D1328
                                                                                                                                                                                                                                                                                                                                                      • CopyRect.USER32(?,?), ref: 005D133F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000), ref: 005D13AA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fb991c3701811ede808c6821fdfab8ec6de4326beb114ccd31e5d82f168fc22d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7a6d71cd3acf0d92714c5ba45e3b542188f9d7aa1ff1cb975056ec1db1636552
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb991c3701811ede808c6821fdfab8ec6de4326beb114ccd31e5d82f168fc22d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EB19E71608741AFD720DF68C889BABBFE4FF84344F00891AF9999B261D731E844CB95
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 005D02E5
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005D031F
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005D0389
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005D03F1
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005D0475
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 005D04C5
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 005D0504
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055F9F2: _wcslen.LIBCMT ref: 0055F9FD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 005A2258
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 005A228A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9dadf9a520a3d6a5f2d6b79829b661a0439a36cdc798b60b376c5d6117811119
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 69eb08e503eba69dc5f01f9a058ee6f3ccd58e8ecceef804a91d3abae9125da1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dadf9a520a3d6a5f2d6b79829b661a0439a36cdc798b60b376c5d6117811119
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5E18D316082029FCB24DF28C455A6ABBE6BFC8318F14595EF8969B3E1DB30ED45CB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00558968
• GetSystemMetrics.USER32(00000007), ref: 00558970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0055899B
• GetSystemMetrics.USER32(00000008), ref: 005589A3
• GetSystemMetrics.USER32(00000004), ref: 005589C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 005589E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 005589F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00558A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00558A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00558A5A
• GetStockObject.GDI32(00000011), ref: 00558A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00558A81
  • Part of subcall function 0055912D: GetCursorPos.USER32(?), ref: 00559141
  • Part of subcall function 0055912D: ScreenToClient.USER32(00000000,?), ref: 0055915E
  • Part of subcall function 0055912D: GetAsyncKeyState.USER32(00000001), ref: 00559183
  • Part of subcall function 0055912D: GetAsyncKeyState.USER32(00000002), ref: 0055919D
• SetTimer.USER32(00000000,00000000,00000028,005590FC), ref: 00558AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 3298c904fd3fed3c1f56398825f958c605b18b017299372c155d3bf06e081cfb
• Instruction ID: 37e4f8d82804f4330b709bd98c01e18ed9de1cea1e42f0677afaa4391372ec48
• Opcode Fuzzy Hash: 3298c904fd3fed3c1f56398825f958c605b18b017299372c155d3bf06e081cfb
• Instruction Fuzzy Hash: 4FB16B31A0020A9FDF14DFA8D859BEE3FB5FB48315F14462AFA15AB290DB34E845CB50
APIs
  • Part of subcall function 005A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 005A1114
  • Part of subcall function 005A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,005A0B9B,?,?,?), ref: 005A1120
  • Part of subcall function 005A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,005A0B9B,?,?,?), ref: 005A112F
  • Part of subcall function 005A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,005A0B9B,?,?,?), ref: 005A1136
  • Part of subcall function 005A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 005A114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 005A0DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 005A0E29
• GetLengthSid.ADVAPI32(?), ref: 005A0E40
• GetAce.ADVAPI32(?,00000000,?), ref: 005A0E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 005A0E96
• GetLengthSid.ADVAPI32(?), ref: 005A0EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 005A0EB5
• HeapAlloc.KERNEL32(00000000), ref: 005A0EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 005A0EDD
• CopySid.ADVAPI32(00000000), ref: 005A0EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 005A0F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 005A0F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 005A0F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 005A0F6E
• HeapFree.KERNEL32(00000000), ref: 005A0F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 005A0F7E
• HeapFree.KERNEL32(00000000), ref: 005A0F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 005A0F8E
• HeapFree.KERNEL32(00000000), ref: 005A0F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 005A0FA1
• HeapFree.KERNEL32(00000000), ref: 005A0FA8
  • Part of subcall function 005A1193: GetProcessHeap.KERNEL32(00000008,005A0BB1,?,00000000,?,005A0BB1,?), ref: 005A11A1
  • Part of subcall function 005A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,005A0BB1,?), ref: 005A11A8
  • Part of subcall function 005A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,005A0BB1,?), ref: 005A11B7
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 6e6c128cf4953d177d43eed2bb27340cb017808f12ad855da1e690f2db39da36
• Instruction ID: ac1543e9fbc5641c591e3423061bc6b3a59a06d5a71581d0a4b3607537f4028c
• Opcode Fuzzy Hash: 6e6c128cf4953d177d43eed2bb27340cb017808f12ad855da1e690f2db39da36
• Instruction Fuzzy Hash: 94715C7290121AEFDF209FA4DC88BAEBFB8BF15311F144116F919B6191D731A909DB60
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 005CC4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,005DCC08,00000000,?,00000000,?,?), ref: 005CC544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 005CC5A4
• _wcslen.LIBCMT ref: 005CC5F4
• _wcslen.LIBCMT ref: 005CC66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 005CC6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 005CC7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 005CC84D
• RegCloseKey.ADVAPI32(?), ref: 005CC881
• RegCloseKey.ADVAPI32(00000000), ref: 005CC88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 005CC960
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
APIs
• CharUpperBuffW.USER32(?,?), ref: 005D09C6
• _wcslen.LIBCMT ref: 005D0A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 005D0A54
• _wcslen.LIBCMT ref: 005D0A8A
• _wcslen.LIBCMT ref: 005D0B06
• _wcslen.LIBCMT ref: 005D0B81
  • Part of subcall function 0055F9F2: _wcslen.LIBCMT ref: 0055F9FD
  • Part of subcall function 005A2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005A2BFA
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
APIs
• _wcslen.LIBCMT ref: 005D835A
• _wcslen.LIBCMT ref: 005D836E
• _wcslen.LIBCMT ref: 005D8391
• _wcslen.LIBCMT ref: 005D83B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 005D83F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,005D5BF2), ref: 005D844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 005D8487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 005D84CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 005D8501
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 005D850D
                                                                                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 005D851D
                                                                                                                                                                                                                                                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?,005D5BF2), ref: 005D852C
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 005D8549
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 005D8555
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                      • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 766fb57092172b5c3bf0f1892d38e4a728a3da963eca74c5d732faf35da937fb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b37e4c54908025ef0e698025d3b648b4cee8d626183344beedc8d7f71a07053b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 766fb57092172b5c3bf0f1892d38e4a728a3da963eca74c5d732faf35da937fb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6661D171540216BAEB24DF68DC45BBF7FA8BB44711F10460BF815DA2D1DB74A980DBA0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 12495cc0ccdeb47a810d1caf2f84162c34dbd0e23597c4d4f85b2f8e8c0f4574
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8aa01fa884435260697d8f8a28215194524a85421ffec4b79a75897b0c8ea9b3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12495cc0ccdeb47a810d1caf2f84162c34dbd0e23597c4d4f85b2f8e8c0f4574
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8281F671A4060AABDB20AF64CC4AFEE3F68FF99304F004425FD05AB192EB71D915C791
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 005A5A2E
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 005A5A40
                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 005A5A57
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 005A5A6C
                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 005A5A72
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 005A5A82
                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 005A5A88
                                                                                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 005A5AA9
                                                                                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 005A5AC3
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 005A5ACC
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005A5B33
                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 005A5B6F
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 005A5B75
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 005A5B7C
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 005A5BD3
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 005A5BE0
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,?), ref: 005A5C05
                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 005A5C2F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c24e4d4eb32c1ce59e468859babdc82c1ac2630b98c44fdc9904fe6070e7a6d4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e4e785785db55918a902a2a367b01702f65a460fa99cf54f4eff9d46458a6510
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c24e4d4eb32c1ce59e468859babdc82c1ac2630b98c44fdc9904fe6070e7a6d4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E717E31A00B0AAFDB20DFA8CD45E6EBFF5FF48705F104919E142A65A0E774E944DB20
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[`
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-2911647270
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f2a1ecd8286a038bff200bd5af760ffb2cafcb877e476057c4f5400ba55d347e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 82eafe5bf44f613fcee1d77980d9900573a9032b176427560164f275b5175591
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f2a1ecd8286a038bff200bd5af760ffb2cafcb877e476057c4f5400ba55d347e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18E1E332A00516ABCF18DFA8C4557EEFFB1BF5A718F14851AF456A7240DB30AE85CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 005600C6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0061070C,00000FA0,2EE85A9F,?,?,?,?,005823B3,000000FF), ref: 0056011C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,005823B3,000000FF), ref: 00560127
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,005823B3,000000FF), ref: 00560138
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0056014E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0056015C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0056016A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00560195
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 005601A0
                                                                                                                                                                                                                                                                                                                                                      • ___scrt_fastfail.LIBCMT ref: 005600E7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600A3: __onexit.LIBCMT ref: 005600A9
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00560122
                                                                                                                                                                                                                                                                                                                                                      • WakeAllConditionVariable, xrefs: 00560162
                                                                                                                                                                                                                                                                                                                                                      • kernel32.dll, xrefs: 00560133
                                                                                                                                                                                                                                                                                                                                                      • SleepConditionVariableCS, xrefs: 00560154
                                                                                                                                                                                                                                                                                                                                                      • InitializeConditionVariable, xrefs: 00560148
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                      • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5b2251a6e4799b24f7fd27bff867d2ac3aa9d98ba8c0da6bf33a44301ac44483
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 761c7cfe05a3165badc37f92482a9d8e5144a7052e1f0d0183c4c3f1b51bbda5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b2251a6e4799b24f7fd27bff867d2ac3aa9d98ba8c0da6bf33a44301ac44483
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB21FC326457126BE7206BB8AC0AB5B3F95FB56B61F145527F802D73D1DFB05804CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(00000000,00000000,005DCC08), ref: 005B4527
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005B453B
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005B4599
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005B45F4
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005B463F
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005B46A7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055F9F2: _wcslen.LIBCMT ref: 0055F9FD
                                                                                                                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,00606BF0,00000061), ref: 005B4743
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                      • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00559BB2
                                                                                                                                                                                                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 005D9147
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D7674: ClientToScreen.USER32(?,?), ref: 005D769A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D7674: GetWindowRect.USER32(?,?), ref: 005D7710
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D7674: PtInRect.USER32(?,?,005D8B89), ref: 005D7720
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 005D91B0
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 005D91BB
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 005D91DE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 005D9225
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 005D923E
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 005D9255
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 005D9277
                                                                                                                                                                                                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 005D927E
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 005D9371
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#a
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00611990), ref: 00582F8D
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00611990), ref: 0058303D
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00583081
                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 0058308A
                                                                                                                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(00611990,00000000,?,00000000,00000000,00000000), ref: 0058309D
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 005830A9
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,?), ref: 005D6DEB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 005D6E5F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 005D6E81
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 005D6E94
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 005D6EB5
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00540000,00000000), ref: 005D6EE4
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 005D6EFD
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 005D6F16
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 005D6F1D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 005D6F35
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 005D6F4D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559944: GetWindowLongW.USER32(?,000000EB), ref: 00559952
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: db15d8015b09b4d1aff481193f36cb732760fc57e6ff7fc1fb3ba5b6df277330
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 59164339c3108ee67bb00eb85407ebd2a521d0ec9d1a6d44d6423d4c671b8750
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db15d8015b09b4d1aff481193f36cb732760fc57e6ff7fc1fb3ba5b6df277330
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD713974144246AFDB21CF1CD884AAABFE9FB89304F04491FF9998B361C770E90ADB11
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 005BC4B0
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 005BC4C3
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 005BC4D7
                                                                                                                                                                                                                                                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 005BC4F0
                                                                                                                                                                                                                                                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 005BC533
                                                                                                                                                                                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 005BC549
                                                                                                                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 005BC554
                                                                                                                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 005BC584
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 005BC5DC
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 005BC5F0
                                                                                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 005BC5FB
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b8ca1dc2557e209be5297d6618a7665325c5bbf76c357339d2a37d18dfc52b2c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c06b0809fe7354d75a14f5afa33bbc684854837840dd9c1fbe3eb9dbdb14184a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8ca1dc2557e209be5297d6618a7665325c5bbf76c357339d2a37d18dfc52b2c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15514AB0501609BFDB318F64C988AAA7FBCFF18744F00441AF945D6250DB30FA48EBA4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 005D8592
                                                                                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005D85A2
                                                                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005D85AD
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005D85BA
                                                                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 005D85C8
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005D85D7
                                                                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 005D85E0
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005D85E7
                                                                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005D85F8
                                                                                                                                                                                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,005DFC38,?), ref: 005D8611
                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 005D8621
                                                                                                                                                                                                                                                                                                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 005D8641
                                                                                                                                                                                                                                                                                                                                                      • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 005D8671
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 005D8699
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 005D86AF
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3840717409-0
APIs
• VariantInit.OLEAUT32(00000000), ref: 005B1502
• VariantCopy.OLEAUT32(?,?), ref: 005B150B
• VariantClear.OLEAUT32(?), ref: 005B1517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 005B15FB
• VarR8FromDec.OLEAUT32(?,?), ref: 005B1657
• VariantInit.OLEAUT32(?), ref: 005B1708
• SysFreeString.OLEAUT32(?), ref: 005B178C
• VariantClear.OLEAUT32(?), ref: 005B17D8
• VariantClear.OLEAUT32(?), ref: 005B17E7
• VariantInit.OLEAUT32(00000000), ref: 005B1823
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
APIs
  • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
  • Part of subcall function 005CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,005CB6AE,?,?), ref: 005CC9B5
  • Part of subcall function 005CC998: _wcslen.LIBCMT ref: 005CC9F1
  • Part of subcall function 005CC998: _wcslen.LIBCMT ref: 005CCA68
  • Part of subcall function 005CC998: _wcslen.LIBCMT ref: 005CCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 005CB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 005CB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 005CB80A
• RegCloseKey.ADVAPI32(?), ref: 005CB87E
• RegCloseKey.ADVAPI32(?), ref: 005CB89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 005CB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 005CB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 005CB922
• FreeLibrary.KERNEL32(00000000), ref: 005CB983
• RegCloseKey.ADVAPI32(00000000), ref: 005CB994
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
APIs
• GetDC.USER32(00000000), ref: 005C25D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 005C25E8
• CreateCompatibleDC.GDI32(?), ref: 005C25F4
• SelectObject.GDI32(00000000,?), ref: 005C2601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 005C266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 005C26AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 005C26D0
• SelectObject.GDI32(?,?), ref: 005C26D8
• DeleteObject.GDI32(?), ref: 005C26E1
• DeleteDC.GDI32(?), ref: 005C26E8
• ReleaseDC.USER32(00000000,?), ref: 005C26F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 53dd1d8215ea7a08e3a3635e0c242e07a6dc4aeb419ac8fee47042fef1a07b3e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1af010650880fd0bcd6ec08032a16cd16abf78c951f4a9d7b19db37c5a8cb26a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53dd1d8215ea7a08e3a3635e0c242e07a6dc4aeb419ac8fee47042fef1a07b3e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4461E27590021AAFCF14CFE8D885EAEBBB5FF48310F20851AE956A7250D770A941DF60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ___free_lconv_mon.LIBCMT ref: 0057DAA1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D659
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D66B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D67D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D68F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D6A1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D6B3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D6C5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D6D7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D6E9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D6FB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D70D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D71F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D63C: _free.LIBCMT ref: 0057D731
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DA96
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000), ref: 005729DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005729C8: GetLastError.KERNEL32(00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000,00000000), ref: 005729F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DAB8
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DACD
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DAD8
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DAFA
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DB0D
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DB1B
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DB26
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DB5E
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DB65
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DB82
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057DB9A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e4a791b4aab1e68538148364f06ab9b7529e420377a07c3ba4c684cc2a44995e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4f6262a9b1e223bc3e2d45b77fb775d55e083b1c855093a1cbb14ac19d74024e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4a791b4aab1e68538148364f06ab9b7529e420377a07c3ba4c684cc2a44995e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC314A316442069FEB21AA39F849B5ABFF9FF40310F19C419E54DD7191DB31AC80AB30
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 005A369C
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005A36A7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 005A3797
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 005A380C
                                                                                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 005A385D
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 005A3882
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 005A38A0
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000), ref: 005A38A7
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 005A3921
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 005A395D
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6a8458e2785e46b2333d673e3f05aab6ec7a3c14bc1531e6f4f63d559a4b09cc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0c05c93c24cf2a3d98a5ab0e46df4ccde1bf326717c8c7841a1de05dabe8f39f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a8458e2785e46b2333d673e3f05aab6ec7a3c14bc1531e6f4f63d559a4b09cc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D91B471205607AFD719DF24C885BAEFBA8FF45354F00462AF999C2190DB34EA49CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 005A4994
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 005A49DA
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005A49EB
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 005A49F7
                                                                                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 005A4A2C
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 005A4A64
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 005A4A9D
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 005A4AE6
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 005A4B20
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 005A4B8B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                      • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d5edf3b6c18b6178b4aad91a01dd282b9950cf59c4ae869f130855001698a1d5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 512396d97253031e12448385a21d11e5671cf5374ae6e64c1e4b7c5dc1f86c9e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5edf3b6c18b6178b4aad91a01dd282b9950cf59c4ae869f130855001698a1d5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C919D7110420A9FDB04CF94C985BAA7FA9FFC6314F04846AFD869A096DB70ED45CFA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00559BB2
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 005D8D5A
                                                                                                                                                                                                                                                                                                                                                      • GetFocus.USER32 ref: 005D8D6A
                                                                                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 005D8D75
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 005D8E1D
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 005D8ECF
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(?), ref: 005D8EEC
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 005D8EFC
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 005D8F2E
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 005D8F70
                                                                                                                                                                                                                                                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 005D8FA1
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 86019be6bcbb6828a2f0bb390183af958a8fca068a2f7feb24968e8682564a82
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d3cb4d162c5e9aae00eb07eb6d42d94c0f108620cb20094746a841ec9bfaf6b1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86019be6bcbb6828a2f0bb390183af958a8fca068a2f7feb24968e8682564a82
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5818C715083029BDB20CF28D884ABB7FEAFB88714F040A5BF9949B391DB30D904DB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetFileVersionInfoSizeW.VERSION(?,?), ref: 005ADC20
                                                                                                                                                                                                                                                                                                                                                      • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 005ADC46
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005ADC50
                                                                                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 005ADCA0
                                                                                                                                                                                                                                                                                                                                                      • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 005ADCBC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 005CCC64
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 005CCC8D
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 005CCD48
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 005CCCAA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 005CCCBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 005CCCCF
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 005CCD05
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 005CCD28
                                                                                                                                                                                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 005CCCF3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 005B3D40
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005B3D6D
                                                                                                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 005B3D9D
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 005B3DBE
                                                                                                                                                                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?), ref: 005B3DCE
                                                                                                                                                                                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 005B3E55
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 005B3E60
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 005B3E6B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 005AE6B4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055E551: timeGetTime.WINMM(?,?,005AE6D4), ref: 0055E555
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 005AE6E1
                                                                                                                                                                                                                                                                                                                                                      • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 005AE705
                                                                                                                                                                                                                                                                                                                                                      • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 005AE727
                                                                                                                                                                                                                                                                                                                                                      • SetActiveWindow.USER32 ref: 005AE746
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 005AE754
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 005AE773
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000000FA), ref: 005AE77E
                                                                                                                                                                                                                                                                                                                                                      • IsWindow.USER32 ref: 005AE78A
                                                                                                                                                                                                                                                                                                                                                      • EndDialog.USER32(00000000), ref: 005AE79B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                      • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 213b8b71d21a5be65ceb20753396ef08ca2e7338c0fc7471582e162b730cae37
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 628da7d1428673cc45043f491bbf32d6d2cb23313fd432408eda19becb94fc76
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 213b8b71d21a5be65ceb20753396ef08ca2e7338c0fc7471582e162b730cae37
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C21F370300247AFEB105F20FC9AB6A3F6AF7A6349F046827F511821E1DB71AC54DA60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 005AEA5D
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 005AEA73
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 005AEA84
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 005AEA96
                                                                                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 005AEAA7
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 728fed25af94c776429f4ce295580837a2b39723c35959be88d556ced92d21c5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6ff609014fd0744ea546c653e1d85550a289198d6bc96a70206c1570e30bd79d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 728fed25af94c776429f4ce295580837a2b39723c35959be88d556ced92d21c5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA115131AD025A79E724A7A5DC4FEFF6FBDFBD2B44F0104297411A20D1EAB00915C5B0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 005A5CE2
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 005A5CFB
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 005A5D59
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 005A5D69
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 005A5D7B
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 005A5DCF
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 005A5DDD
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 005A5DEF
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 005A5E31
                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 005A5E44
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 005A5E5A
                                                                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 005A5E67
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5dac870496e53ad484ae5a0795b326d35c9c817299f12a93c3fe2d4f38ed066e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2f5ca8fd82e2f8e4c22b6dffae172f5f835ab4bcd00090c1aea77e29f6488509
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5dac870496e53ad484ae5a0795b326d35c9c817299f12a93c3fe2d4f38ed066e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45510F71A00605AFDF18CF68DD89EAEBFB9FB59310F148129F516E6290E7709E04DB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00558F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00558BE8,?,00000000,?,?,?,?,00558BBA,00000000,?), ref: 00558FC5
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00558C81
                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(00000000,?,?,?,?,00558BBA,00000000,?), ref: 00558D1B
                                                                                                                                                                                                                                                                                                                                                      • DestroyAcceleratorTable.USER32(00000000), ref: 00596973
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00558BBA,00000000,?), ref: 005969A1
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00558BBA,00000000,?), ref: 005969B8
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00558BBA,00000000), ref: 005969D4
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 005969E6
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559944: GetWindowLongW.USER32(?,000000EB), ref: 00559952
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00559862
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: .V
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-732867087
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0058F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 005A9717
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,0058F7F8,00000001), ref: 005A9720
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0058F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 005A9742
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,0058F7F8,00000001), ref: 005A9745
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 005A9866
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 06ec747ec8343a0c64c177fc0dcedc6143a2116e7aa17400c0a89518eb031072
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a0ab0da2bd0938fd999ee7ab559e5a9165d4a83561e9b2c22089623d21ea9ed8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06ec747ec8343a0c64c177fc0dcedc6143a2116e7aa17400c0a89518eb031072
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2541407284021AAADF04EBE0DD8ADEF7B79BF95344F100425B601720A2EA355F48CB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
                                                                                                                                                                                                                                                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 005A07A2
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 005A07BE
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 005A07DA
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 005A0804
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 005A082C
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 005A0837
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 005A083C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 36c544534a9e865f26e25c98c12cf16ffb3ca2e01eead1f52cb68091920ac453
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d2fd9e020804d05babe1412fab6114cd7142f744e90e4a09a3727393e353c2f0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36c544534a9e865f26e25c98c12cf16ffb3ca2e01eead1f52cb68091920ac453
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64410B72C1122AABDF25EF94DC99DEEBB78FF54354F154126E901A31A1EB309E04CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 005C3C5C
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 005C3C8A
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 005C3C94
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005C3D2D
                                                                                                                                                                                                                                                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 005C3DB1
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 005C3ED5
                                                                                                                                                                                                                                                                                                                                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 005C3F0E
                                                                                                                                                                                                                                                                                                                                                      • CoGetObject.OLE32(?,00000000,005DFB98,?), ref: 005C3F2D
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 005C3F40
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 005C3FC4
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 005C3FD8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e00865b4527a8f10f4d2afc809c4a10782c47fc4b22e6bbb3530a5b447b87c0a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2e490825c0fb5279ccac2d3848253620d75d61073fd9529be5e8de0fa95cb419
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e00865b4527a8f10f4d2afc809c4a10782c47fc4b22e6bbb3530a5b447b87c0a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAC115716082059FD710DFA8C884E6BBBE9FF89748F14891DF98A9B250D731ED05CB52
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 005B7AF3
                                                                                                                                                                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 005B7B8F
                                                                                                                                                                                                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 005B7BA3
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(005DFD08,00000000,00000001,00606E6C,?), ref: 005B7BEF
                                                                                                                                                                                                                                                                                                                                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 005B7C74
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?,?), ref: 005B7CCC
                                                                                                                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 005B7D57
                                                                                                                                                                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 005B7D7A
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 005B7D81
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 005B7DD6
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 005B7DDC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1afc8e14c3bf5eb4588213fabb628ce7537151a453b594a9d04b5d3758d5dc94
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2df1b5fb315e6503f3f3085d6f0bee2dea681a1d7c9d1e6c8e92235c3517c00c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1afc8e14c3bf5eb4588213fabb628ce7537151a453b594a9d04b5d3758d5dc94
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73C10975A04109AFCB14DFA4C898DAEBFB9FF88304B148599E8199B261D731EE45CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 005D5504
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 005D5515
                                                                                                                                                                                                                                                                                                                                                      • CharNextW.USER32(00000158), ref: 005D5544
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 005D5585
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 005D559B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 005D55AC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 75a91feae42a8e26e44708cb6aa32247fe9f2ca5034ecef6bea6dde7ed0a162c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 304ff639c9fffb9efba73cefd0cf79d1ac377ff1f2ca130274096f6961057bec
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75a91feae42a8e26e44708cb6aa32247fe9f2ca5034ecef6bea6dde7ed0a162c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0616D30901609EBDF219F58CC849FE7FB9FB09761F10854BF925AA390E7748A84DB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0059FAAF
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAllocData.OLEAUT32(?), ref: 0059FB08
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0059FB1A
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 0059FB3A
                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 0059FB8D
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 0059FBA1
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0059FBB6
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 0059FBC3
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0059FBCC
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0059FBDE
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0059FBE9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c7f4d222721622df649788d12b273a53ab2ebc41477aa09796b43058cc5e6199
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bef6c37883c3e6abeea9f52f6fc87b2d94de3f5151150cb55ded1ab8d6c8511d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c7f4d222721622df649788d12b273a53ab2ebc41477aa09796b43058cc5e6199
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17416035A0121AAFCF10DF64C8589EEBFB9FF58345F00806AE905E7261DB70A945DF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 005A9CA1
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 005A9D22
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 005A9D3D
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 005A9D57
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 005A9D6C
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 005A9D84
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 005A9D96
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 005A9DAE
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 005A9DC0
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 005A9DD8
                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 005A9DEA
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • WSAStartup.WSOCK32(00000101,?), ref: 005C05BC
                                                                                                                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?), ref: 005C061C
                                                                                                                                                                                                                                                                                                                                                      • gethostbyname.WSOCK32(?), ref: 005C0628
                                                                                                                                                                                                                                                                                                                                                      • IcmpCreateFile.IPHLPAPI ref: 005C0636
                                                                                                                                                                                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 005C06C6
                                                                                                                                                                                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 005C06E5
                                                                                                                                                                                                                                                                                                                                                      • IcmpCloseHandle.IPHLPAPI(?), ref: 005C07B9
                                                                                                                                                                                                                                                                                                                                                      • WSACleanup.WSOCK32 ref: 005C07BF
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                      • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32 ref: 005C3774
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 005C377F
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000017,005DFB78,?), ref: 005C37D9
                                                                                                                                                                                                                                                                                                                                                      • IIDFromString.OLE32(?,?), ref: 005C384C
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 005C38E4
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 005C3936
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5897ffa37bd8b3f1cd64fc3c8c5a0132c109de2d9885ac566a4707bd5b417907
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4142c53bf548ffaf65903711c3d0f1a5c7811d1392af98db0187427ec775e407
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5897ffa37bd8b3f1cd64fc3c8c5a0132c109de2d9885ac566a4707bd5b417907
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D616B71609206AFD310DF94C849F9ABFE4FF89715F00880EF9859B291D770EA48DB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 005B8257
                                                                                                                                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 005B8267
                                                                                                                                                                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 005B8273
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 005B8310
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 005B8324
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 005B8356
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 005B838C
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 005B8395
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c3a482766bda30b6acab8b4a4421c3b6b4b7b3b37bb2c882e770a62e95283952
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e884ffe57b6c70b5b33f5a92623044f3128572451ffa83fde283fdfe0358d9ee
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3a482766bda30b6acab8b4a4421c3b6b4b7b3b37bb2c882e770a62e95283952
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 756157765043469FCB10EF64C8449EEBBECFF89314F04891AF99987251EB31E949CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00559BB2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055912D: GetCursorPos.USER32(?), ref: 00559141
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055912D: ScreenToClient.USER32(00000000,?), ref: 0055915E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055912D: GetAsyncKeyState.USER32(00000001), ref: 00559183
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055912D: GetAsyncKeyState.USER32(00000002), ref: 0055919D
                                                                                                                                                                                                                                                                                                                                                      • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 005D8B6B
                                                                                                                                                                                                                                                                                                                                                      • ImageList_EndDrag.COMCTL32 ref: 005D8B71
                                                                                                                                                                                                                                                                                                                                                      • ReleaseCapture.USER32 ref: 005D8B77
                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,00000000), ref: 005D8C12
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 005D8C25
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 005D8CFF
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#a
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1924731296-1177714147
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a504faa70873d2c4ca99fff6c27a69c08f246d4fa011c584eb8a530ab329ddbd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 500b2246435a7bbf17861ecc2df43c9478fddf28a486230eee4b1d62caff6789
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a504faa70873d2c4ca99fff6c27a69c08f246d4fa011c584eb8a530ab329ddbd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9518C70105205AFD714DF24DC9ABAA7BE5FB88714F000A2BF9529B2E1DB709D48CB62
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 005B33CF
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 005B33F0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1843340a51905df598d93c0b1a5083aa853f3aadc6a3d69f36222a245cac262d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 333130b8526f2a89885407b7cbaa4439037060141ee6e73e12d2fd4e4fb17661
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1843340a51905df598d93c0b1a5083aa853f3aadc6a3d69f36222a245cac262d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E951B43294020AAADF14EBE0CD4AEEEBB79FF45344F144566F505720A2EB312F58DB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: db0e68fbecfc9e0e2dbdfeef7e5b9ff4f8305bbc9279edf13cce80e8b8f2d847
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7ef7f774b8181af1aa720a618566c93b18a2d9a15abfadeffa5606017b3e541d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db0e68fbecfc9e0e2dbdfeef7e5b9ff4f8305bbc9279edf13cce80e8b8f2d847
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D441B632A001279ADB205F7DC9905BE7FB5FFA2794B244629E461DB286E731CD81C7D0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 005B53A0
                                                                                                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 005B5416
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 005B5420
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,READY), ref: 005B54A7
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e7bf3de6c0b0bbaa00e11faacc2e26234ae959a393c7028e9bf90c66dd16d5c6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cd20a9067d511d466f30edf64cad59924d7b36c4adb4bd932793df52804c6fc8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7bf3de6c0b0bbaa00e11faacc2e26234ae959a393c7028e9bf90c66dd16d5c6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E031A335A006059FDB18DF68C488BEABFB5FF45305F548466E405CB292EB71ED8ACB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateMenu.USER32 ref: 005D3C79
                                                                                                                                                                                                                                                                                                                                                      • SetMenu.USER32(?,00000000), ref: 005D3C88
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 005D3D10
                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 005D3D24
                                                                                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 005D3D2E
                                                                                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 005D3D5B
                                                                                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 005D3D63
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: acf7e04358c397b1ad53422f8eed8dbd23811be0164b1493058115d5ab1cdcba
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 64cf568ab539e5758b0e66583c56aef94bf07b643a66f8a4b101c07665661595
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: acf7e04358c397b1ad53422f8eed8dbd23811be0164b1493058115d5ab1cdcba
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF416C75A0220AAFDB24DF64E844ADA7FB6FF49350F14042BE94697360D730AA14DF91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 005D3A9D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 005D3AA0
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D3AC7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 005D3AEA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 005D3B62
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 005D3BAC
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 005D3BC7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 005D3BE2
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 005D3BF6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 005D3C13
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e10de60e64f9281371b6116bca6f390c81be0dcccdc8449547d8a2c35d75dc57
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 812b49c62cd8dbd12dec98cff75d359975f0f3c83e2790951370b0e255e92d0a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e10de60e64f9281371b6116bca6f390c81be0dcccdc8449547d8a2c35d75dc57
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34615975900208AFDB20DF68CC81EEE7BB8FB49700F14459AEA15AB3A1D770AE45DB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572C94
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000), ref: 005729DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005729C8: GetLastError.KERNEL32(00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000,00000000), ref: 005729F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572CA0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572CAB
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572CB6
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572CC1
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572CCC
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572CD7
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572CE2
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572CED
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572CFB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5be67a9c8bde7f22790e4e6e79d37cf1b24e3d8da39e890b7f48f60c25e0a269
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4166c97eae9d9a88f040eed8579b1bc27e46ea656c70f93179ece415442161ba
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5be67a9c8bde7f22790e4e6e79d37cf1b24e3d8da39e890b7f48f60c25e0a269
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D119676100109AFCB02EF64E846CDD7FA5FF45350F4584A5FA4C5B222D631EED0AB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EB), ref: 00545C7A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00545D0A: GetClientRect.USER32(?,?), ref: 00545D30
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00545D0A: GetWindowRect.USER32(?,?), ref: 00545D71
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00545D0A: ScreenToClient.USER32(?,?), ref: 00545D99
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32 ref: 005846F5
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00584708
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00584716
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0058472B
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00584733
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 005847C4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005B35E4
  • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
• LoadStringW.USER32(00612390,?,00000FFF,?), ref: 005B360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 005BC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 005BC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 005BC2CA
• GetLastError.KERNEL32 ref: 005BC322
• SetEvent.KERNEL32(?), ref: 005BC336
• InternetCloseHandle.WININET(00000000), ref: 005BC341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00583AAF,?,?,Bad directive syntax error,005DCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 005A98BC
• LoadStringW.USER32(00000000,?,00583AAF,?), ref: 005A98C3
  • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 005A9987
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 005A20AB
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 005A20C0
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 005A214D
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 628cc50384f2eeaa7fa4ef998e705aab32efd69e24c67aeca7a077851f1a1007
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f6d39feed8b41f48a4fa06d2d2bda0607242f613c6b3d7574b0fc5b779179b87
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 628cc50384f2eeaa7fa4ef998e705aab32efd69e24c67aeca7a077851f1a1007
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D911E7766C8707BAFA156228DC1BDAB3F9DEB16324F21011AF705A50D1EA61A841DA14
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bb2dff4dbb54566e7a6838e3fe773c74001d87d51c3a57f80623f5111d29648a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 26d3bf17be42c438aef510ae1e040ff2b0c419018180e005eb104d7730bbaacb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb2dff4dbb54566e7a6838e3fe773c74001d87d51c3a57f80623f5111d29648a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0761F771904301AFDF21AFB4BC59AA97FA5BF45310F08C16EF94D97241E6319D41BB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 005D5186
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 005D51C7
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000005,?,00000000), ref: 005D51CD
                                                                                                                                                                                                                                                                                                                                                      • SetFocus.USER32(?,?,00000005,?,00000000), ref: 005D51D1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005D6FBA: DeleteObject.GDI32(00000000), ref: 005D6FE6
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D520D
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 005D521A
                                                                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 005D524D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 005D5287
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 005D5296
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fe14ef105e5cbb555a226f12dec34e851ddd7ead94ef777278e64011fe0fc836
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d94177896c834cf0686c4f2e30994e3fdce9caa166e51427c57630cc9ff6dd34
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe14ef105e5cbb555a226f12dec34e851ddd7ead94ef777278e64011fe0fc836
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F518D34A51A09EEEB309F6CCC49B983F65FB05361F144113FA659A3E0E775A988DB40
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00596890
                                                                                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 005968A9
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 005968B9
                                                                                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 005968D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 005968F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00558874,00000000,00000000,00000000,000000FF,00000000), ref: 00596901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0059691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00558874,00000000,00000000,00000000,000000FF,00000000), ref: 0059692D
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: fdcea42c1a5207feaad4d63049a5aa735d51cd756db21697b52eb8810f058299
• Instruction ID: 795ef8ddc953156bf3fdf13cccfa745d4ed1f3d787e523a8293d6a9857e7086b
• Opcode Fuzzy Hash: fdcea42c1a5207feaad4d63049a5aa735d51cd756db21697b52eb8810f058299
• Instruction Fuzzy Hash: 3E516A70600206EFDF20CF24CC65BAA7FBAFB94761F10451AF952A62A0DB70E958DB50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 005BC182
• GetLastError.KERNEL32 ref: 005BC195
• SetEvent.KERNEL32(?), ref: 005BC1A9
  • Part of subcall function 005BC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 005BC272
  • Part of subcall function 005BC253: GetLastError.KERNEL32 ref: 005BC322
  • Part of subcall function 005BC253: SetEvent.KERNEL32(?), ref: 005BC336
  • Part of subcall function 005BC253: InternetCloseHandle.WININET(00000000), ref: 005BC341
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: a19798fca80090362e12a5448b1da61a0e1d0ac33c979d49624955fc0d0f4bdb
• Instruction ID: 230f9225ac5e5690dfe28af5e552375c2a6e5de6e56183030621a7a3f0a0406d
• Opcode Fuzzy Hash: a19798fca80090362e12a5448b1da61a0e1d0ac33c979d49624955fc0d0f4bdb
• Instruction Fuzzy Hash: C3318D75201606AFDB219FA5DC48AA6BFF9FF68300B10481EF996C6610D730F814EBA4
APIs
  • Part of subcall function 005A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 005A3A57
  • Part of subcall function 005A3A3D: GetCurrentThreadId.KERNEL32 ref: 005A3A5E
  • Part of subcall function 005A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005A25B3), ref: 005A3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 005A25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 005A25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 005A25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 005A25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 005A2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 005A2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 005A260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 005A2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 005A2627
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 573ab52a7aaaf21aa966ebde85ca511f1b61f498c1bd2c1a6e03903ae6636c75
• Instruction ID: 11bd333979736c4e5d8322b8a81880e549032a5fc95719960b565e7dbafd270a
• Opcode Fuzzy Hash: 573ab52a7aaaf21aa966ebde85ca511f1b61f498c1bd2c1a6e03903ae6636c75
• Instruction Fuzzy Hash: 2501B130690221BBFB2067699C8EF593F59EB9EB12F100003F318AF0D1C9F26448DA69
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,005A1449,?,?,00000000), ref: 005A180C
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,005A1449,?,?,00000000), ref: 005A1813
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,005A1449,?,?,00000000), ref: 005A1828
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,005A1449,?,?,00000000), ref: 005A1830
                                                                                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,005A1449,?,?,00000000), ref: 005A1833
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,005A1449,?,?,00000000), ref: 005A1843
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(005A1449,00000000,?,005A1449,?,?,00000000), ref: 005A184B
                                                                                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,005A1449,?,?,00000000), ref: 005A184E
                                                                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,005A1874,00000000,00000000,00000000), ref: 005A1868
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4468f4ad2e30c54a36dc66bb892d3704637a734843d27389e190392f85e34d20
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0172b065dfa425286af97bd7e940016711bbf9040a9e72e3566f9074775681c5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4468f4ad2e30c54a36dc66bb892d3704637a734843d27389e190392f85e34d20
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D01BBB5281319BFE720ABA5DC4DF6B3FACEB99B11F004412FA05DB1A1CA749804DB20
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005AD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 005AD501
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005AD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 005AD50F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005AD4DC: CloseHandle.KERNEL32(00000000), ref: 005AD5DC
                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 005CA16D
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 005CA180
                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 005CA1B3
                                                                                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 005CA268
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 005CA273
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 005CA2C4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7045bc12173abc3a90e2f372bd82987eb8394fc111cf8f66ba611090ae5a1140
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 91d6f349da7ee07cec0608798c330cdfc36ad32fbb6c7923aba126b0e09212f3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7045bc12173abc3a90e2f372bd82987eb8394fc111cf8f66ba611090ae5a1140
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1619D34205242AFD720DF58C498F19BFA1BF9431CF18848CE4568B7A2C776EC49CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 005D3925
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 005D393A
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 005D3954
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005D3999
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 005D39C6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 005D39F4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 39c592a52c63e968c33b5f1fd1ee25d987d09a9188665a503ab87222cb3dd9c5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8465d7c82b2f7a7e7a8a4d5eef3ffbe8af345ae0985f051c5c72cd937b70b332
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39c592a52c63e968c33b5f1fd1ee25d987d09a9188665a503ab87222cb3dd9c5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F418271A00219ABEB319F68CC49BEA7FA9FF48350F100527F958E7291D771DA84DB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 005ABCFD
• IsMenu.USER32(00000000), ref: 005ABD1D
• CreatePopupMenu.USER32 ref: 005ABD53
• GetMenuItemCount.USER32(01054D90), ref: 005ABDA4
• InsertMenuItemW.USER32(01054D90,?,00000001,00000030), ref: 005ABDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 532316a796d89e6edcc9f9492a93c8af23c64fa57f0f2638a151dfa63b43daf1
• Instruction ID: 6940edf836c68d2f07b53a72f742ab309f94ba9fdb2ed0054e4dda0394d87d7d
• Opcode Fuzzy Hash: 532316a796d89e6edcc9f9492a93c8af23c64fa57f0f2638a151dfa63b43daf1
• Instruction Fuzzy Hash: 3251B270A002069BEF20CFB8D888BAEBFF4BF57314F14465AE401DB292D7719944CB91
APIs
• _ValidateLocalCookies.LIBCMT ref: 00562D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00562D53
• _ValidateLocalCookies.LIBCMT ref: 00562DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00562E0C
• _ValidateLocalCookies.LIBCMT ref: 00562E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: &HV$csm
• API String ID: 1170836740-3780476894
• Opcode ID: 6ec6d90468bd4e88f66735c1a0cde0490858cc03498c1c4678e393c4556604f5
• Instruction ID: 8d122fcd2746a80df187c4afa5a5cf9bff9f568d57d29818f16f634bc7c71b19
• Opcode Fuzzy Hash: 6ec6d90468bd4e88f66735c1a0cde0490858cc03498c1c4678e393c4556604f5
• Instruction Fuzzy Hash: C741D634E0160AABCF10DF68C845ADEBFB5BF85324F148155E815AB392D7319E06CBD0
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 005AC913
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 086bf32faa9d046b382dc6a15b43d2aed0aafe4773f2a8e0ece31a04bd96d265
• Instruction ID: 9a39e033fb6b60ab909904ab176ba2959878b11ca32655df863f42264a3dde46
• Opcode Fuzzy Hash: 086bf32faa9d046b382dc6a15b43d2aed0aafe4773f2a8e0ece31a04bd96d265
• Instruction Fuzzy Hash: D4110236689307BEE7159B54DC82CAF2FDCFF16724B20042FF500A62C2E7B4AE405669
APIs
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 9e58d35750c9615547abc926bf0745f3cb75d9ab3ba40b2f758270586aae96c9
• Instruction ID: 7aaf6831f86909ed356149868049c92eb8a5b3a3948bd86a2474cb1e6328d9b4
• Opcode Fuzzy Hash: 9e58d35750c9615547abc926bf0745f3cb75d9ab3ba40b2f758270586aae96c9
• Instruction Fuzzy Hash: E241A269D1021975DB11EBF4888E9CFBBBCBF85310F508866E514E3122FB34E285C7A5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0059682C,00000004,00000000,00000000), ref: 0055F953
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0059682C,00000004,00000000,00000000), ref: 0059F3D1
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0059682C,00000004,00000000,00000000), ref: 0059F454
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 005D2D1B
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 005D2D23
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 005D2D2E
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 005D2D3A
                                                                                                                                                                                                                                                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 005D2D76
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 005D2D87
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,005D5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 005D2DC2
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 005D2DE1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,005817FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 005815CE
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,005817FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00581651
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,005817FB,?,005817FB,00000000,00000000,?,00000000,?,?,?,?), ref: 005816E4
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,005817FB,00000000,00000000,?,00000000,?,?,?,?), ref: 005816FB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00573820: RtlAllocateHeap.NTDLL(00000000,?,00611444,?,0055FDF5,?,?,0054A976,00000010,00611440,005413FC,?,005413C6,?,00541129), ref: 00573852
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,005817FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00581777
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 005817A2
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 005817AE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 005B125C
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 005B1284
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 005B12A8
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005B12D8
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005B135F
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005B13C4
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005B1430
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f6813842f75446ca7f9d22aa06d5a6f616f34ab9ae5314b6b38b4c24b205cdfe
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5985bd591d95b7b5d2299cb8d47ffd673d0802e24f85abf987fe2a4cc7e159b8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6813842f75446ca7f9d22aa06d5a6f616f34ab9ae5314b6b38b4c24b205cdfe
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8191177190021AEFCB10CFA9C888AEEBFB8FF49321F144556E915B7251D378A955CB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 005C396B
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 005C3A7A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005C3A8A
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 005C3C1F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005B0CDF: VariantInit.OLEAUT32(00000000), ref: 005B0D1F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005B0CDF: VariantCopy.OLEAUT32(?,?), ref: 005B0D28
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005B0CDF: VariantClear.OLEAUT32(?), ref: 005B0D34
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0c851f95062d8764bbee649811b9350f71eead02aaf81ee085e1de18c8d478da
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f57ff495e2986983109008bcc801498c81cc3274f2db872eb148cdbfdef707b8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c851f95062d8764bbee649811b9350f71eead02aaf81ee085e1de18c8d478da
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91916A756083069FC704DF68C48596ABBE4FF88318F14892EF8899B351DB31EE05CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0059FF41,80070057,?,?,?,005A035E), ref: 005A002B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0059FF41,80070057,?,?), ref: 005A0046
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0059FF41,80070057,?,?), ref: 005A0054
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0059FF41,80070057,?), ref: 005A0064
                                                                                                                                                                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 005C4C51
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005C4D59
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 005C4DCF
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 005C4DDA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 47e8ead51f5ef78327d61c41a9e68d4dd50230a6b77894964129a35aca8b4814
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5c596cf6cb37b5c91439c8e94e0d55470de13e9c76065eaf95ab6829f54652b1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47e8ead51f5ef78327d61c41a9e68d4dd50230a6b77894964129a35aca8b4814
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84911571D0021AAFDF14DFE4D895EEEBBB8BF48304F10856AE915A7251DB309A44CF61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenu.USER32(?), ref: 005D2183
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00000000), ref: 005D21B5
                                                                                                                                                                                                                                                                                                                                                      • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 005D21DD
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005D2213
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 005D224D
                                                                                                                                                                                                                                                                                                                                                      • GetSubMenu.USER32(?,?), ref: 005D225B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 005A3A57
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3A3D: GetCurrentThreadId.KERNEL32 ref: 005A3A5E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005A25B3), ref: 005A3A65
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 005D22E3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005AE97B: Sleep.KERNEL32 ref: 005AE9F3
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bfbc9df44cf52f6349acce3216e652c5006848066c3ae826c591c26596ce2066
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3ea5ab8c124b93de11402804b65268fb50b2f1993991ac46043f103e7e50c87b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bfbc9df44cf52f6349acce3216e652c5006848066c3ae826c591c26596ce2066
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03715E75A00216AFCB20DFA8C845AAEBFB5FF98310F14845AE916EB351D735E941CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 005AAEF9
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 005AAF0E
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 005AAF6F
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 005AAF9D
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 005AAFBC
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 005AAFFD
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 005AB020
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7742eb3656212c001618afcb510779b3fb6be197abdedafd4c90ea5ece3995b8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 065dd5b75b43a3287fe8aa8baea714a9fde307e1c938dd32e89afaced4eb6d76
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7742eb3656212c001618afcb510779b3fb6be197abdedafd4c90ea5ece3995b8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC5181A06047D63DFB3682348C49BBEBEA97F47304F08858AE1D9558C3D799ACC8D791
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(00000000), ref: 005AAD19
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 005AAD2E
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 005AAD8F
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 005AADBB
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 005AADD8
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 005AAE17
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 005AAE38
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 45cd1092d8b1e3b066478f6493035b5d01dd83952e71f7e62e268a25b3ef730c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 40e274b9701b5300cefc9cc58821f6f9ee72b7429b52f70750b5f75ed9b4fe98
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45cd1092d8b1e3b066478f6493035b5d01dd83952e71f7e62e268a25b3ef730c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF51B1A15047D63DFB3782248C55B7EBEA97B47300F088589E1D55A8C2D394EC88E7A2
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetConsoleCP.KERNEL32(00583CD6,?,?,?,?,?,?,?,?,00575BA3,?,?,00583CD6,?,?), ref: 00575470
                                                                                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 005754EB
                                                                                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 00575506
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00583CD6,00000005,00000000,00000000), ref: 0057552C
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00583CD6,00000000,00575BA3,00000000,?,?,?,?,?,?,?,?,?,00575BA3,?), ref: 0057554B
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,00575BA3,00000000,?,?,?,?,?,?,?,?,?,00575BA3,?), ref: 00575584
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 005C307A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005C304E: _wcslen.LIBCMT ref: 005C309B
                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 005C1112
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 005C1121
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 005C11C9
                                                                                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 005C11F9
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,005ACF22,?), ref: 005ADDFD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,005ACF22,?), ref: 005ADE16
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 005ACF45
                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 005ACF7F
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005AD005
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005AD01B
                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 005AD061
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 005D2E1C
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D2E4F
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D2E84
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 005D2EB6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 005D2EE0
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D2EF1
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 005D2F0B
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 17f1de9aaf4a2afd14bdcb8be762473118209cd4d6f1075b4db0d3e9d211fc8a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 437dfc6e865122382bc1aec3e06ff62069ba16f74979dce6db3738c381a6f1b7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17f1de9aaf4a2afd14bdcb8be762473118209cd4d6f1075b4db0d3e9d211fc8a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C13103306451419FDB31CF1CDC84FA53BA9FBAA710F1845A7FA148F2B1CB61A844DB00
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 005A7769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 005A778F
• SysAllocString.OLEAUT32(00000000), ref: 005A7792
• SysAllocString.OLEAUT32(?), ref: 005A77B0
• SysFreeString.OLEAUT32(?), ref: 005A77B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 005A77DE
• SysAllocString.OLEAUT32(?), ref: 005A77EC
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 958af034a913b1004f993c08ee3bf14ba8c141583b3750cb3937afa6e54cd1e5
• Instruction ID: 1e255b36be88b986b0906f5e054dd8d4aa8c3e2b20dd0431ee07ef8b79a2aaf5
• Opcode Fuzzy Hash: 958af034a913b1004f993c08ee3bf14ba8c141583b3750cb3937afa6e54cd1e5
• Instruction Fuzzy Hash: 2A219C7660921AAFDF10DFA8CC88CBE7BACFB0A3647008526BA14DB150D6709C45C760
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 005A7842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 005A7868
• SysAllocString.OLEAUT32(00000000), ref: 005A786B
• SysAllocString.OLEAUT32 ref: 005A788C
• SysFreeString.OLEAUT32 ref: 005A7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 005A78AF
• SysAllocString.OLEAUT32(?), ref: 005A78BD
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 4be9b2c967d4673a87b3c1811d5b7daf43428014e09bab255b0824a897442ac8
• Instruction ID: f9197424b2467a42fa06cda85a3d2163505a25dc75a14f075073457febecce25
• Opcode Fuzzy Hash: 4be9b2c967d4673a87b3c1811d5b7daf43428014e09bab255b0824a897442ac8
• Instruction Fuzzy Hash: 9521813160910AAF9F109BA8DC88DAE7BACFB0D3617108126B915CB2A5D678DC45DB64
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 005B04F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 005B052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 2491837d09e7707afdb430cc93ba3eeeb1decbdc562755b81de9d2cef85b4dcd
• Instruction ID: 02cda297acd76e1872ac2da5c6992a4f57f9b23638b3dd973f09170f9f143a4a
• Opcode Fuzzy Hash: 2491837d09e7707afdb430cc93ba3eeeb1decbdc562755b81de9d2cef85b4dcd
• Instruction Fuzzy Hash: 91212BB5500206ABDF309F69DC49A9B7FE4BF54724F204A1AE8A1962E0E770A954DF20
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 005B05C6
                                                                                                                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 005B0601
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                      • String ID: nul
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0054600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0054604C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0054600E: GetStockObject.GDI32(00000011), ref: 00546060
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0054600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0054606A
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 005D4112
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 005D411F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 005D412A
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 005D4139
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 005D4145
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057D7A3: _free.LIBCMT ref: 0057D7CC
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057D82D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000), ref: 005729DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005729C8: GetLastError.KERNEL32(00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000,00000000), ref: 005729F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057D838
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057D843
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057D897
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057D8A2
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057D8AD
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057D8B8
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 005ADA74
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 005ADA7B
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 005ADA91
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 005ADA98
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 005ADADC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 005ADAB9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7df3c44e669439ad69f5f54a6d8f1b08293c54a02e5a49598d22de25822c99f5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4ce12c9f0bacc897124bd25bb89df81e95ae34581102937c4a55999269bce8b3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7df3c44e669439ad69f5f54a6d8f1b08293c54a02e5a49598d22de25822c99f5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9014FF25002197FEB20ABA49D89EEB3B6CE709301F404597B706E2041EA749E88DF74
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(0104EA58,0104EA58), ref: 005B097B
                                                                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0104EA38,00000000), ref: 005B098D
                                                                                                                                                                                                                                                                                                                                                      • TerminateThread.KERNEL32(?,000001F6), ref: 005B099B
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000003E8), ref: 005B09A9
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 005B09B8
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(0104EA58,000001F6), ref: 005B09C8
                                                                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0104EA38), ref: 005B09CF
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2dde33919b542a9e8610f0dbc0a04f9054733bd323094fc69d97929d7b90aa6c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 84e475529ade1ab5ffb58f1012e41fb5ce47f80128e29a844815ceb369e3255f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2dde33919b542a9e8610f0dbc0a04f9054733bd323094fc69d97929d7b90aa6c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AF01D31483513ABD7615B94EE89BD67F25BF11702F402117F141918A0C774A469DF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 005C1DC0
                                                                                                                                                                                                                                                                                                                                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 005C1DE1
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 005C1DF2
                                                                                                                                                                                                                                                                                                                                                      • htons.WSOCK32(?,?,?,?,?), ref: 005C1EDB
                                                                                                                                                                                                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 005C1E8C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A39E8: _strlen.LIBCMT ref: 005A39F2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005C3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,005BEC0C), ref: 005C3240
                                                                                                                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 005C1F35
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c5402e567d27aad3aed01ec78c436f55518bdaf1ccc8d629c351e92719524c92
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bbf8511aa8f9ffcb3dc176db93e20be131ffba6c9083a76f4535399092e8b26f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5402e567d27aad3aed01ec78c436f55518bdaf1ccc8d629c351e92719524c92
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41B1AA30204641AFC324DF64C899F6ABFA5BF86318F54894CF4565B2A3DB31ED46CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00545D30
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00545D71
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00545D99
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00545ED7
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00545EF8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 005700BA
                                                                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005700D6
                                                                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 005700ED
                                                                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0057010B
                                                                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00570122
                                                                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00570140
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,005682D9,005682D9,?,?,?,0057644F,00000001,00000001,8BE85006), ref: 00576258
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0057644F,00000001,00000001,8BE85006,?,?,?), ref: 005762DE
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 005763D8
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 005763E5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00573820: RtlAllocateHeap.NTDLL(00000000,?,00611444,?,0055FDF5,?,?,0054A976,00000010,00611440,005413FC,?,005413C6,?,00541129), ref: 00573852
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 005763EE
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00576413
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,005CB6AE,?,?), ref: 005CC9B5
  • Part of subcall function 005CC998: _wcslen.LIBCMT ref: 005CC9F1
  • Part of subcall function 005CC998: _wcslen.LIBCMT ref: 005CCA68
  • Part of subcall function 005CC998: _wcslen.LIBCMT ref: 005CCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 005CBCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 005CBD25
• RegCloseKey.ADVAPI32(00000000), ref: 005CBD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 005CBD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 005CBDF3
• RegCloseKey.ADVAPI32(?), ref: 005CBDFF
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
APIs
• VariantInit.OLEAUT32(00000035), ref: 0059F7B9
• SysAllocString.OLEAUT32(00000001), ref: 0059F860
• VariantCopy.OLEAUT32(0059FA64,00000000), ref: 0059F889
• VariantClear.OLEAUT32(0059FA64), ref: 0059F8AD
• VariantCopy.OLEAUT32(0059FA64,00000000), ref: 0059F8B1
• VariantClear.OLEAUT32(?), ref: 0059F8BB
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
APIs
  • Part of subcall function 00547620: _wcslen.LIBCMT ref: 00547625
  • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 005B94E5
• _wcslen.LIBCMT ref: 005B9506
• _wcslen.LIBCMT ref: 005B952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 005B9585
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00559BB2
                                                                                                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?,?), ref: 00559241
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 005592A5
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 005592C2
                                                                                                                                                                                                                                                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 005592D3
                                                                                                                                                                                                                                                                                                                                                      • EndPaint.USER32(?,?,?,?,?), ref: 00559321
                                                                                                                                                                                                                                                                                                                                                      • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 005971EA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559339: BeginPath.GDI32(00000000), ref: 00559357
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 005B080C
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 005B0847
                                                                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 005B0863
                                                                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 005B08DC
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 005B08F3
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 005B0921
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0059F3AB,00000000,?,?,00000000,?,0059682C,00000004,00000000,00000000), ref: 005D824C
                                                                                                                                                                                                                                                                                                                                                      • EnableWindow.USER32(?,00000000), ref: 005D8272
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000000), ref: 005D82D1
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000004), ref: 005D82E5
                                                                                                                                                                                                                                                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 005D830B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 005D832F
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 005A4C95
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 005A4CB2
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 005A4CEA
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005A4D08
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 005A4D10
                                                                                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 005A4D1A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00543AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00543A97,?,?,00542E7F,?,?,?,00000000), ref: 00543AC2
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005B587B
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 005B5995
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(005DFCF8,00000000,00000001,005DFB68,?), ref: 005B59AE
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 005B59CC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 005A0FCA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 005A0FD6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 005A0FE5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 005A0FEC
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 005A1002
                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000000,005A1335), ref: 005A17AE
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000000), ref: 005A17BA
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 005A17C1
                                                                                                                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000,00000000,?), ref: 005A17DA
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,005A1335), ref: 005A17EE
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 005A17F5
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 005A14FF
                                                                                                                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 005A1506
                                                                                                                                                                                                                                                                                                                                                      • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 005A1515
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000004), ref: 005A1520
                                                                                                                                                                                                                                                                                                                                                      • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 005A154F
                                                                                                                                                                                                                                                                                                                                                      • DestroyEnvironmentBlock.USERENV(00000000), ref: 005A1563
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c309e882a27ca46530ed14667d232ae823943729a4e207380e53dc0543bc7f22
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f25c7b18f3611167c228e83cdcc53a27fb9d47a54a2684a90501afd4fee95da1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c309e882a27ca46530ed14667d232ae823943729a4e207380e53dc0543bc7f22
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0711297250120AABDF218F98DD49FDE7FA9FF49744F04411AFA05A20A0C375CE64EB64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00563379,00562FE5), ref: 00563390
                                                                                                                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0056339E
                                                                                                                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005633B7
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,00563379,00562FE5), ref: 00563409
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9b387c78668da1884798304e5df1a58ffba32ae90dc32fba7364717e5562b0ae
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5ce04df1fed739d911331125b49bf7eec7b38ca4ee7de0d7ee0640f4fb50f3b9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b387c78668da1884798304e5df1a58ffba32ae90dc32fba7364717e5562b0ae
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C012F32749312BEEB2427B8BC89A672E94FB5537A720072AF411832F0EF124E15E544
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00575686,00583CD6,?,00000000,?,00575B6A,?,?,?,?,?,0056E6D1,?,00608A48), ref: 00572D78
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572DAB
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572DD3
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,?,?,0056E6D1,?,00608A48,00000010,00544F4A,?,?,00000000,00583CD6), ref: 00572DE0
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,?,?,0056E6D1,?,00608A48,00000010,00544F4A,?,?,00000000,00583CD6), ref: 00572DEC
                                                                                                                                                                                                                                                                                                                                                      • _abort.LIBCMT ref: 00572DF2
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c443a32fe7f516d66dd075486898a11ab6d09679d10544a3a422f497931d71e8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 05e421aa6f8d4d27024b335e1d9d5d7ab60a35d1dd8f513b39642a2874d94ab5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c443a32fe7f516d66dd075486898a11ab6d09679d10544a3a422f497931d71e8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4F0A93594560267C73227787C0EA5B1E59BFD1771F25C519F82C921D6DE3488827160
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00559693
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559639: SelectObject.GDI32(?,00000000), ref: 005596A2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559639: BeginPath.GDI32(?), ref: 005596B9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559639: SelectObject.GDI32(?,00000000), ref: 005596E2
                                                                                                                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 005D8A4E
                                                                                                                                                                                                                                                                                                                                                      • LineTo.GDI32(?,00000003,00000000), ref: 005D8A62
                                                                                                                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 005D8A70
                                                                                                                                                                                                                                                                                                                                                      • LineTo.GDI32(?,00000000,00000003), ref: 005D8A80
                                                                                                                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 005D8A90
                                                                                                                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 005D8AA0
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 005A5218
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 005A5229
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 005A5230
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 005A5238
                                                                                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,?,00000000), ref: 005A524F
                                                                                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,00000001,?), ref: 005A5261
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00541BF4
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 00541BFC
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00541C07
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00541C12
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 00541C1A
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00541C22
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 005AEB30
                                                                                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 005AEB46
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 005AEB55
                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 005AEB64
                                                                                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 005AEB6E
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 005AEB75
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 839392675-0
APIs
• GetClientRect.USER32(?), ref: 00597452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00597469
• GetWindowDC.USER32(?), ref: 00597475
• GetPixel.GDI32(00000000,?,?), ref: 00597484
• ReleaseDC.USER32(?,00000000), ref: 00597496
• GetSysColor.USER32(00000005), ref: 005974B0
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 005A187F
• UnloadUserProfile.USERENV(?,?), ref: 005A188B
• CloseHandle.KERNEL32(?), ref: 005A1894
• CloseHandle.KERNEL32(?), ref: 005A189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 005A18A5
• HeapFree.KERNEL32(00000000), ref: 005A18AC
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
APIs
• __Init_thread_footer.LIBCMT ref: 0054BEB3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: D%a$D%a$D%a$D%aD%a
• API String ID: 1385522511-695643209
APIs
  • Part of subcall function 00560242: EnterCriticalSection.KERNEL32(0061070C,00611884,?,?,0055198B,00612518,?,?,?,005412F9,00000000), ref: 0056024D
  • Part of subcall function 00560242: LeaveCriticalSection.KERNEL32(0061070C,?,0055198B,00612518,?,?,?,005412F9,00000000), ref: 0056028A
  • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
  • Part of subcall function 005600A3: __onexit.LIBCMT ref: 005600A9
• __Init_thread_footer.LIBCMT ref: 005C7BFB
  • Part of subcall function 005601F8: EnterCriticalSection.KERNEL32(0061070C,?,?,00558747,00612514), ref: 00560202
  • Part of subcall function 005601F8: LeaveCriticalSection.KERNEL32(0061070C,?,00558747,00612514), ref: 00560235
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: +TY$5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 535116098-2344059749
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7e2244d84a1ae93a70f763a42f6c1403c0fd6a06debb956ca0e1aa26c8728b1b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f7769068e479e8737110be5ab65a2133425e3ecc8429764d92229bb76f5772b3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e2244d84a1ae93a70f763a42f6c1403c0fd6a06debb956ca0e1aa26c8728b1b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E916B74A0420AAFCB14EF94D895EADBFB2BF88304F14805DF8165B692DB71AE41CF51
APIs
  • Part of subcall function 00547620: _wcslen.LIBCMT ref: 00547625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 005AC6EE
• _wcslen.LIBCMT ref: 005AC735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 005AC79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 005AC7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
• Opcode ID: 0fd98548faf055fe4f32ce4231a12e96e52a0df86d15202f322b400791e7f847
• Instruction ID: 054ea939d2942f50d71b0dd5418b067e09a0f59eb69de952c127afc272661f31
• Opcode Fuzzy Hash: 0fd98548faf055fe4f32ce4231a12e96e52a0df86d15202f322b400791e7f847
• Instruction Fuzzy Hash: 0F51AE716043019BD715DE28C889AAE7FE8FF8A314F040A2EF9A5D71A1DB64D944CF92
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 005CAEA3
  • Part of subcall function 00547620: _wcslen.LIBCMT ref: 00547625
• GetProcessId.KERNEL32(00000000), ref: 005CAF38
• CloseHandle.KERNEL32(00000000), ref: 005CAF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: 9f068fdba9d0ff27a445d2b5d45a786913f2046312f178b59a21584599e4b08a
• Instruction ID: 24032b719179a7d2da1af283e541e78dc4c379498f57d2a5c08880472e274153
• Opcode Fuzzy Hash: 9f068fdba9d0ff27a445d2b5d45a786913f2046312f178b59a21584599e4b08a
• Instruction Fuzzy Hash: A3714474A0061A9FCB14DF94C489A9EBFB4FF48318F04889DE816AB362D774ED45CB91
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 005A7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 005A723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 005A724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 005A72CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: b4c1766b1ccab8222baea65d86fb634d9956581656d735f65474350bdc54b309
• Instruction ID: bd504be7a834015aa0c5b82ceaae4ffeafce9bc95051a87b4a77d7ff0f218669
• Opcode Fuzzy Hash: b4c1766b1ccab8222baea65d86fb634d9956581656d735f65474350bdc54b309
• Instruction Fuzzy Hash: DA416E75604209AFDB25CF54CC84B9E7FA9FF89310F1484AABD059F20AD7B0DA45DBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 005D3E35
                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 005D3E4A
                                                                                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 005D3E92
                                                                                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 005D3EA5
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7cbeab65aac1deafba07dc0bf9f009db1d7fd82c01a0e449d556d05e3814d12b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5a8ff58b744ee29c118af5bb8003bafedd6fca7f4a42c2d7a6db52e0c94643f2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7cbeab65aac1deafba07dc0bf9f009db1d7fd82c01a0e449d556d05e3814d12b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E414A75A01209AFDB20DF58D884AEABBB9FF49354F04412BE9159B390D730AE44DF51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 005D2F8D
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 005D2F94
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 005D2FA9
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 005D2FB1
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b1a1104d176a279f2e651fbda277497e660171651ecc1dfb1b94b91d0c655f0b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 78b3e3cf45756faf9f302c5dc5317b4c8ed58410a89b359eb9650f96cd756220
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1a1104d176a279f2e651fbda277497e660171651ecc1dfb1b94b91d0c655f0b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B21DE71204206ABEB204F68DC86EBB3BB9FF69324F104A1BF954D6290D771DC41E760
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00564D1E,005728E9,?,00564CBE,005728E9,006088B8,0000000C,00564E15,005728E9,00000002), ref: 00564D8D
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00564DA0
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00564D1E,005728E9,?,00564CBE,005728E9,006088B8,0000000C,00564E15,005728E9,00000002,00000000), ref: 00564DC3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 347f87b4e55b675a3b54bb0b8be07861450977f7ac1da4e3717602aad500d965
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 25b701fbcb16d02725e246e881f22357743535e7032e94961a83a539e51aab07
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 347f87b4e55b675a3b54bb0b8be07861450977f7ac1da4e3717602aad500d965
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBF0AF30A41219FBDB209F90DC09BAEBFB9FF54751F0001A6F805A62A0CF705984DF90
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00544EDD,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00544EAE
• FreeLibrary.KERNEL32(00000000,?,?,00544EDD,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544EC0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00583CDE,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00544E74
• FreeLibrary.KERNEL32(00000000,?,?,00583CDE,?,00611418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00544E87
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 005B2C05
• DeleteFileW.KERNEL32(?), ref: 005B2C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 005B2C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 005B2CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 005B2CC0
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
APIs
• GetCurrentProcessId.KERNEL32 ref: 005CA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 005CA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 005CA468
• CloseHandle.KERNEL32(?), ref: 005CA63D
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,005E3700), ref: 0057BB91
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,0061121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0057BC09
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00611270,000000FF,?,0000003F,00000000,?), ref: 0057BC36
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057BB7F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000), ref: 005729DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005729C8: GetLastError.KERNEL32(00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000,00000000), ref: 005729F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057BD4B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,005ACF22,?), ref: 005ADDFD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,005ACF22,?), ref: 005ADE16
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005AE199: GetFileAttributesW.KERNEL32(?,005ACF95), ref: 005AE19A
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 005AE473
                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 005AE4AC
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005AE5EB
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005AE603
                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 005AE650
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,005CB6AE,?,?), ref: 005CC9B5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CC998: _wcslen.LIBCMT ref: 005CC9F1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CC998: _wcslen.LIBCMT ref: 005CCA68
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005CC998: _wcslen.LIBCMT ref: 005CCA9E
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 005CBAA5
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 005CBB00
                                                                                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 005CBB63
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 005CBBA6
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 005CBBB3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3299f2172ebd7fdc10e99fa584486b69bedd62ca102dbec76ab8a3868eea5865
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 24707bb2bf9c88a27b2bd9c990da1af4981fcd50dffda31a59e6f91a3f1fe4d2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3299f2172ebd7fdc10e99fa584486b69bedd62ca102dbec76ab8a3868eea5865
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6616C31208242AFD714DF54C895F6ABBE5FF84308F14895DF49A8B2A2DB31ED45CB92
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 005A8BCD
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32 ref: 005A8C3E
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32 ref: 005A8C9D
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 005A8D10
                                                                                                                                                                                                                                                                                                                                                      • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 005A8D3B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 14a669672e5dfa192e982e790d90a25b4f906d4fcde80d79120fdbcf494c2957
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7d98c0d6c7f0af809beb536a7112fa11e560897305e8b28ccf62ca834743227c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14a669672e5dfa192e982e790d90a25b4f906d4fcde80d79120fdbcf494c2957
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD515DB5A0061AEFCB14CF58C894AAABBF9FF89314B15855AF905DB350E730E911CF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 005B8BAE
                                                                                                                                                                                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 005B8BDA
                                                                                                                                                                                                                                                                                                                                                      • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 005B8C32
                                                                                                                                                                                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 005B8C57
                                                                                                                                                                                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 005B8C5F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 10f1a3cafad7173943fb9660f482099c78ac1b1bd65898f745d30aa669b38ff7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9371b1176cbd62a6dd6a83eb016e73f98e0695ada4eabe465d7e77b6341b9588
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10f1a3cafad7173943fb9660f482099c78ac1b1bd65898f745d30aa669b38ff7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26513975A00219DFCB14DF64C885AA9BFF5FF88318F088459E849AB362DB35ED45CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,00000000,?), ref: 005C8F40
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 005C8FD0
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 005C8FEC
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 005C9032
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 005C9052
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,005B1043,?,7644E610), ref: 0055F6E6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0059FA64,00000000,00000000,?,?,005B1043,?,7644E610,?,0059FA64), ref: 0055F70D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3415ff69332b79918deb992e32efd93cce027f03519cec8b252b439ef1031ab8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 54f567918929f3ea91886322a58289ad63ebf74b53bd5c0bd8508c611bd2f17e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3415ff69332b79918deb992e32efd93cce027f03519cec8b252b439ef1031ab8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5451F835605216DFC715DF98C499DE9BFB1FF89314B048099E809AB362DB31ED85CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000002,000000F0,?), ref: 005D6C33
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,?), ref: 005D6C4A
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 005D6C73
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,005BAB79,00000000,00000000), ref: 005D6C98
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 005D6CC7
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 99d9b86f3b27d2d821d0d2b6964fc33271fcbdb45f9d540226bf065d35b4df39
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c856ca0a2c5b9767d5ed1a18a1384281d9779907e94e8adc6537d6faf47cf48e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99d9b86f3b27d2d821d0d2b6964fc33271fcbdb45f9d540226bf065d35b4df39
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6741AC35A14104AFDB34CF2CCC58BA97FA5FB09360F15066BE999AB3A0C771ED42DA40
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 040671808065c04629210e1b8d44fe8254aed6ca70538a56f34033d8646ddda2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 45e7c7ea4fa9544de9954af39557d4a576043a9ab5c2c91e46cf1f04f22ca350
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 040671808065c04629210e1b8d44fe8254aed6ca70538a56f34033d8646ddda2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6410432A002009FCB20DF78D885A5EBBF5FF89314F158569EA19EB351D731AD01DB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00559141
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000,?), ref: 0055915E
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 00559183
                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000002), ref: 0055919D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3416e5cbfdc7a7c57b1b501c5df65a6c7dadbed9bd7c29d99ade18f514309f3b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ac36810d6e1faa92d1cbc0b42f4977856b47012a0244c1fa15f96c64f04eb68e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3416e5cbfdc7a7c57b1b501c5df65a6c7dadbed9bd7c29d99ade18f514309f3b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C441603190861BFBDF159F68C858BEEBB74FB49321F20421BE825A7290C7345D54DB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 005B38CB
                                                                                                                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,00000000,?), ref: 005B3922
                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 005B394B
                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 005B3955
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 005B3966
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,005BC21E,00000000), ref: 005BCF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 005BCF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,005BC21E,00000000), ref: 005BCFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,005BC21E,00000000), ref: 005BCFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,005BC21E,00000000), ref: 005BCFF2
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
APIs
• GetWindowRect.USER32(?,?), ref: 005A1915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 005A19C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 005A19C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 005A19DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 005A19E2
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 005D5745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 005D579D
• _wcslen.LIBCMT ref: 005D57AF
• _wcslen.LIBCMT ref: 005D57BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 005D5816
APIs
• IsWindow.USER32(00000000), ref: 005C0951
• GetForegroundWindow.USER32 ref: 005C0968
• GetDC.USER32(00000000), ref: 005C09A4
• GetPixel.GDI32(00000000,?,00000003), ref: 005C09B0
• ReleaseDC.USER32(00000000,00000003), ref: 005C09E8
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fc8f145fc008855a734d802be0a0a83ad97773ad6830c4496f0b0ac6dd27fb46
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f66388c101c4d75bc76228d288cefacf0dbd06e2dbb6a29c211b997965848af6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc8f145fc008855a734d802be0a0a83ad97773ad6830c4496f0b0ac6dd27fb46
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45215E35600215AFD754EF69C989AAEBFE9FF84700F04846EE84A97352DA30EC08DB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 0057CDC6
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0057CDE9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00573820: RtlAllocateHeap.NTDLL(00000000,?,00611444,?,0055FDF5,?,?,0054A976,00000010,00611440,005413FC,?,005413C6,?,00541129), ref: 00573852
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0057CE0F
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0057CE22
                                                                                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0057CE31
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6d666091638620d0bedd2cdd1cac29722ca1a55a43d6080c9b4c5dcf27988d1a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 75224eebb94b34242137f98f44043d4f1cae5c6f2cb42f29d07b54f3fe56583b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d666091638620d0bedd2cdd1cac29722ca1a55a43d6080c9b4c5dcf27988d1a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 180175726026167F272256B67C4CD7B6E6DFBC6BA1315812EFD09C7201DA618D01F1B0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00559693
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 005596A2
                                                                                                                                                                                                                                                                                                                                                      • BeginPath.GDI32(?), ref: 005596B9
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 005596E2
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fe6c9a52dc42171b7063fb57059c192e0a330818e89d954792d250729011419b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e334b7d1f06dc22ae16503419257fef17edd634927f846b31b57df6ed4eed53f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe6c9a52dc42171b7063fb57059c192e0a330818e89d954792d250729011419b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE21C53080234AEFDB108F64DC287E93FA6BB11312F148617F9209A1B0D378588DDF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,0056F2DE,00573863,00611444,?,0055FDF5,?,?,0054A976,00000010,00611440,005413FC,?,005413C6), ref: 00572DFD
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572E32
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00572E59
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00541129), ref: 00572E66
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00541129), ref: 00572E6F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0059FF41,80070057,?,?,?,005A035E), ref: 005A002B
                                                                                                                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0059FF41,80070057,?,?), ref: 005A0046
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0059FF41,80070057,?,?), ref: 005A0054
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0059FF41,80070057,?), ref: 005A0064
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0059FF41,80070057,?,?), ref: 005A0070
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 005AE997
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 005AE9A5
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 005AE9AD
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 005AE9B7
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 005AE9F3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 005A1114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,005A0B9B,?,?,?), ref: 005A1120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,005A0B9B,?,?,?), ref: 005A112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,005A0B9B,?,?,?), ref: 005A1136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 005A114D
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 75d0a50f7274f03439b2b8a4a1545dc999763bdfeaea616d96220ac132ea0d6a
• Instruction ID: 4da2cd073379d99969a94e1eae20fa11afda3e293aa7675b871a3649846caaf2
• Opcode Fuzzy Hash: 75d0a50f7274f03439b2b8a4a1545dc999763bdfeaea616d96220ac132ea0d6a
• Instruction Fuzzy Hash: 94016975201616BFDB214FA4DC49A6A3F6EFF8A3A4B20041AFA41C3360DA31DC40EA60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 005A0FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 005A0FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 005A0FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 005A0FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 005A1002
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: be94b06e961c7f98eb5b484581a2c6aa72892233e2fff65f1c49aed67cade4a4
• Instruction ID: 0f7593ecc188e29cc3ad5fb5e05e6e8492194b8cd27cbb5ba805d98d07406f64
• Opcode Fuzzy Hash: be94b06e961c7f98eb5b484581a2c6aa72892233e2fff65f1c49aed67cade4a4
• Instruction Fuzzy Hash: F7F0A935201312EBDB210FA59C4DF5A3FADFF9A762F100416FA05C6290DA30DC40DA60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 005A102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 005A1036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 005A1045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 005A104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 005A1062
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: e973fa2342a68ef9268c3eb69dd84d4978f29ff8f61d5078055f2ed21f61377a
• Instruction ID: e6b8e1845f03387b63506b4c7cd1b42ec8a43e615c3b92123f6e24455ed4339d
• Opcode Fuzzy Hash: e973fa2342a68ef9268c3eb69dd84d4978f29ff8f61d5078055f2ed21f61377a
• Instruction Fuzzy Hash: 6EF0CD35201312EBDB211FA6EC4CF5A3FADFF9A761F100416FA05C7290CA70D840DA60
APIs
• CloseHandle.KERNEL32(?,?,?,?,005B017D,?,005B32FC,?,00000001,00582592,?), ref: 005B0324
• CloseHandle.KERNEL32(?,?,?,?,005B017D,?,005B32FC,?,00000001,00582592,?), ref: 005B0331
• CloseHandle.KERNEL32(?,?,?,?,005B017D,?,005B32FC,?,00000001,00582592,?), ref: 005B033E
• CloseHandle.KERNEL32(?,?,?,?,005B017D,?,005B32FC,?,00000001,00582592,?), ref: 005B034B
• CloseHandle.KERNEL32(?,?,?,?,005B017D,?,005B32FC,?,00000001,00582592,?), ref: 005B0358
• CloseHandle.KERNEL32(?,?,?,?,005B017D,?,005B32FC,?,00000001,00582592,?), ref: 005B0365
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8ed2b3b3eca81b9df78e7a19fb5c9428eedd207800e52c1b767373494072f1da
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 02a5b15cd86aeeb465d8bbc20c67fff8e2a39414e19f95332b161f859ea8b630
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ed2b3b3eca81b9df78e7a19fb5c9428eedd207800e52c1b767373494072f1da
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A701D872800B058FCB30AF6AD880847FBF9BE602063049E3FD19252970C3B0B988CE80
APIs
• _free.LIBCMT ref: 0057D752
  • Part of subcall function 005729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000), ref: 005729DE
  • Part of subcall function 005729C8: GetLastError.KERNEL32(00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000,00000000), ref: 005729F0
• _free.LIBCMT ref: 0057D764
• _free.LIBCMT ref: 0057D776
• _free.LIBCMT ref: 0057D788
• _free.LIBCMT ref: 0057D79A
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 734d3bb82bd5df573146ead051933dd36697b064b963204032637e37184b0928
• Instruction ID: cbf94719ed48ea2758eaf06b3ecd9588fd6ba6fbfd16fefb14e1077d3702dab4
• Opcode Fuzzy Hash: 734d3bb82bd5df573146ead051933dd36697b064b963204032637e37184b0928
• Instruction Fuzzy Hash: EBF0C932584205ABC625AB68F985916BFFAFB84720F989905F14DE7542C624FCC09674
APIs
• GetDlgItem.USER32(?,000003E9), ref: 005A5C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 005A5C6F
• MessageBeep.USER32(00000000), ref: 005A5C87
• KillTimer.USER32(?,0000040A), ref: 005A5CA3
• EndDialog.USER32(?,00000001), ref: 005A5CBD
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: bf70a7332b2bd7a2d2afefdbdb13070e910f3fa2cb0a3cad27e023609bf6c8f9
• Instruction ID: 31cd5b0735dd23db4dba6ef54e730dbf793e814fa94a71f4cdfc34a51b621c00
• Opcode Fuzzy Hash: bf70a7332b2bd7a2d2afefdbdb13070e910f3fa2cb0a3cad27e023609bf6c8f9
• Instruction Fuzzy Hash: 95018B305017059BEB305B14ED5EF9A7FB8FB11705F00165BA543614E1E7F49D48DA50
APIs
• _free.LIBCMT ref: 005722BE
  • Part of subcall function 005729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000), ref: 005729DE
  • Part of subcall function 005729C8: GetLastError.KERNEL32(00000000,?,0057D7D1,00000000,00000000,00000000,00000000,?,0057D7F8,00000000,00000007,00000000,?,0057DBF5,00000000,00000000), ref: 005729F0
• _free.LIBCMT ref: 005722D0
• _free.LIBCMT ref: 005722E3
• _free.LIBCMT ref: 005722F4
• _free.LIBCMT ref: 00572305
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: a0ac87a1613d7c135a218a1cbca88fcae1999d7aec82ad2d26ffb0def326fac7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a5b0efab6f35c4c367e51f7e16e28d009bfc3ee2667d788f9a19a081e4ef165b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0ac87a1613d7c135a218a1cbca88fcae1999d7aec82ad2d26ffb0def326fac7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AF030744411118BCB12AF65BC068897F67B719760F0DE607F51CD72B1C77506D2BBA4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 005595D4
                                                                                                                                                                                                                                                                                                                                                      • StrokeAndFillPath.GDI32(?,?,005971F7,00000000,?,?,?), ref: 005595F0
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00559603
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32 ref: 00559616
                                                                                                                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 00559631
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fde154ed55e60ace17657bda7b7fd7499d4cb69430b700af05449617a3f66727
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 31479a413a6931bc23802f748c788009e92058e055e58b83206e9443363f6a87
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fde154ed55e60ace17657bda7b7fd7499d4cb69430b700af05449617a3f66727
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03F03134006249DBDB225F55ED1C7A83F62BB12322F08D617F925590F0C734855DDF60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                      • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 799fc7a937f394fcdea21743d796c2dedff3e59a9feb5897b6f78797f841c3a2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a9c5d6c2b3b212f955c8c4a94466cb1722db0c0a031f09b4f5eab6f8223ae8c7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 799fc7a937f394fcdea21743d796c2dedff3e59a9feb5897b6f78797f841c3a2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BD11475910A06CBDB248F6CE899BFABFB1FF05300F248919E509AB641D3359D80EB59
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00560242: EnterCriticalSection.KERNEL32(0061070C,00611884,?,?,0055198B,00612518,?,?,?,005412F9,00000000), ref: 0056024D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00560242: LeaveCriticalSection.KERNEL32(0061070C,?,0055198B,00612518,?,?,?,005412F9,00000000), ref: 0056028A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005600A3: __onexit.LIBCMT ref: 005600A9
                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 005C6238
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005601F8: EnterCriticalSection.KERNEL32(0061070C,?,?,00558747,00612514), ref: 00560202
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005601F8: LeaveCriticalSection.KERNEL32(0061070C,?,00558747,00612514), ref: 00560235
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005B359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005B35E4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005B359C: LoadStringW.USER32(00612390,?,00000FFF,?), ref: 005B360A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                                                                                                                                                                                                                                                                                                      • String ID: x#a$x#a$x#a
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1072379062-3060519877
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f4ee9ac58c23fefba49d397fa399119dbb8a34b39aaa462166174f884aa534b0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ec5994a2d2c1ee25688f7847fef3a136e4422c6c1a81c562344efbf89bcf21a0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4ee9ac58c23fefba49d397fa399119dbb8a34b39aaa462166174f884aa534b0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAC14D75A00106AFCB14DF98C895EAEBBB9FF48300F14846EE9559B291DB70EE45CB90
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID:
• String ID: JOT
• API String ID: 0-2578126627
APIs
• MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00578B6E
• GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00578B7A
• __dosmaperr.LIBCMT ref: 00578B81
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide__dosmaperr
• String ID: .V
• API String ID: 2434981716-732867087
APIs
  • Part of subcall function 005AB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,005A21D0,?,?,00000034,00000800,?,00000034), ref: 005AB42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 005A2760
  • Part of subcall function 005AB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,005A21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 005AB3F8
  • Part of subcall function 005AB32A: GetWindowThreadProcessId.USER32(?,?), ref: 005AB355
  • Part of subcall function 005AB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,005A2194,00000034,?,?,00001004,00000000,00000000), ref: 005AB365
  • Part of subcall function 005AB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,005A2194,00000034,?,?,00001004,00000000,00000000), ref: 005AB37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 005A27CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 005A281A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\kjDPynh9vQ.exe,00000104), ref: 00571769
• _free.LIBCMT ref: 00571834
• _free.LIBCMT ref: 0057183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\kjDPynh9vQ.exe
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2506810119-3147343741
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 005AC306
                                                                                                                                                                                                                                                                                                                                                      • DeleteMenu.USER32(?,00000007,00000000), ref: 005AC34C
                                                                                                                                                                                                                                                                                                                                                      • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00611990,01054D90), ref: 005AC395
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,005DCC08,00000000,?,?,?,?), ref: 005D44AA
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32 ref: 005D44C7
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 005D44D7
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                      • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SysReAllocString.OLEAUT32(?,?), ref: 005A6EED
                                                                                                                                                                                                                                                                                                                                                      • VariantCopyInd.OLEAUT32(?,?), ref: 005A6F08
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 005A6F12
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$AllocClearCopyString
                                                                                                                                                                                                                                                                                                                                                      • String ID: *jZ
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2173805711-3728155107
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005C335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,005C3077,?,?), ref: 005C3378
                                                                                                                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 005C307A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005C309B
                                                                                                                                                                                                                                                                                                                                                      • htons.WSOCK32(00000000,?,?,00000000), ref: 005C3106
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                      • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 810a3ee0e27f4afe91cc86fd1fe6793913213971ff2087ddbb4e2baef3995355
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 61faf7e6a638df4adc03fceb507feb793ec3ca3a76abe0d33303346de51c030e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 810a3ee0e27f4afe91cc86fd1fe6793913213971ff2087ddbb4e2baef3995355
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C431A23660020A9FC710CFA8C489FAA7BE1FF54318F18C459E5159B392D772DE45C761
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 005D4705
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 005D4713
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 005D471A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1d008f64ec3e66bb48f541d6776dafae272d5653d40d1bda6ef67486630caa88
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fa79a493275aaaec858b2b29a312e276bd7f9b4c9d4b883601224015c3c09def
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d008f64ec3e66bb48f541d6776dafae272d5653d40d1bda6ef67486630caa88
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1214FB5601205AFDB20DF68DCC5DA73BADFB9A394B04045BFA019B351CB31EC11CA60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 255c2ec0120b236bafb0b0e67f1f937c2faa5662e5aeef72c7f19e06d63aacd0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4327224e1c0a928c808ed4431c0ceb64dba6f2dd8befe4ea807e9302f1177cc0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 255c2ec0120b236bafb0b0e67f1f937c2faa5662e5aeef72c7f19e06d63aacd0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF21353260423266D331AA289C06FBF7F9CBFDA300F104427F94A97181EB51AD51C3E5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 005D3840
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 005D3850
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 005D3876
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
APIs
• SetErrorMode.KERNEL32(00000001), ref: 005B4A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 005B4A5C
• SetErrorMode.KERNEL32(00000000,?,?,005DCC08), ref: 005B4AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 005D424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 005D4264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 005D4271
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
APIs
  • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
  • Part of subcall function 005A2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 005A2DC5
  • Part of subcall function 005A2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 005A2DD6
  • Part of subcall function 005A2DA7: GetCurrentThreadId.KERNEL32 ref: 005A2DDD
  • Part of subcall function 005A2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 005A2DE4
• GetFocus.USER32 ref: 005A2F78
  • Part of subcall function 005A2DEE: GetParent.USER32(00000000), ref: 005A2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 005A2FC3
• EnumChildWindows.USER32(?,005A303B), ref: 005A2FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005D58C1
                                                                                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005D58EE
                                                                                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32(?), ref: 005D58FD
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,005DFC08,?), ref: 005A05F0
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,005DFC08,?), ref: 005A0608
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,00000000,005DCC40,000000FF,?,00000000,00000800,00000000,?,005DFC08,?), ref: 005A062D
                                                                                                                                                                                                                                                                                                                                                      • _memcmp.LIBVCRUNTIME ref: 005A064E
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 005CA6AC
                                                                                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 005CA6BA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 005CA79C
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 005CA7AB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00583303,?), ref: 0055CE8A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 005D62E2
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 005D6315
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 005D6382
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011), ref: 005C1AFD
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 005C1B0B
                                                                                                                                                                                                                                                                                                                                                      • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 005C1B8A
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 005C1B94
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 005B5783
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 005B57A9
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 005B57CE
                                                                                                                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 005B57FA
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00566D71,00000000,00000000,005682D9,?,005682D9,?,00000001,00566D71,?,00000001,005682D9,005682D9), ref: 0057D910
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0057D999
                                                                                                                                                                                                                                                                                                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0057D9AB
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 0057D9B4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00573820: RtlAllocateHeap.NTDLL(00000000,?,00611444,?,0055FDF5,?,?,0054A976,00000010,00611440,005413FC,?,005413C6,?,00541129), ref: 00573852
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 005D5352
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D5375
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 005D5382
                                                                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005D53A8
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 005AABF1
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 005AAC0D
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000), ref: 005AAC74
                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 005AACC6
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 005D769A
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 005D7710
                                                                                                                                                                                                                                                                                                                                                      • PtInRect.USER32(?,?,005D8B89), ref: 005D7720
                                                                                                                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 005D778C
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 005D16EB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 005A3A57
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3A3D: GetCurrentThreadId.KERNEL32 ref: 005A3A5E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005A25B3), ref: 005A3A65
                                                                                                                                                                                                                                                                                                                                                      • GetCaretPos.USER32(?), ref: 005D16FF
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 005D174C
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 005D1752
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00559BB2
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 005D9001
                                                                                                                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00597711,?,?,?,?,?), ref: 005D9016
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 005D905E
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00597711,?,?,?), ref: 005D9094
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,005DCB68), ref: 005AD2FB
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 005AD30A
                                                                                                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 005AD319
                                                                                                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,005DCB68), ref: 005AD376
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 005A102A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 005A1036
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 005A1045
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 005A104C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 005A1062
                                                                                                                                                                                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 005A15BE
                                                                                                                                                                                                                                                                                                                                                      • _memcmp.LIBVCRUNTIME ref: 005A15E1
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 005A1617
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 005A161E
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 005D280A
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 005D2824
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 005D2832
                                                                                                                                                                                                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 005D2840
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,005A790A,?,000000FF,?,005A8754,00000000,?,0000001C,?,?), ref: 005A8D8C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A8D7D: lstrcpyW.KERNEL32(00000000,?,?,005A790A,?,000000FF,?,005A8754,00000000,?,0000001C,?,?,00000000), ref: 005A8DB2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A8D7D: lstrcmpiW.KERNEL32(00000000,?,005A790A,?,000000FF,?,005A8754,00000000,?,0000001C,?,?), ref: 005A8DE3
                                                                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,005A8754,00000000,?,0000001C,?,?,00000000), ref: 005A7923
                                                                                                                                                                                                                                                                                                                                                      • lstrcpyW.KERNEL32(00000000,?,?,005A8754,00000000,?,0000001C,?,?,00000000), ref: 005A7949
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000002,cdecl,?,005A8754,00000000,?,0000001C,?,?,00000000), ref: 005A7984
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                      • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 005D7D0B
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000F0,?), ref: 005D7D2A
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 005D7D42
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,005BB7AD,00000000), ref: 005D7D6B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00559BB2
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001060,?,00000004), ref: 005D56BB
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005D56CD
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005D56D8
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 005D5816
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0b414115f504f1b2687bc0786ec5ad05bef8537c82f07229c6361810893fe2b5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0a245d9daf3b618e9d59726921a0c2c2417911341cf30af087b3c79730bd7700
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b414115f504f1b2687bc0786ec5ad05bef8537c82f07229c6361810893fe2b5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3111AF71A00609D6DF309B698C85AEE7FACFB51760B10852BF915DA281FB70CA84CF60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 005A1A47
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 005A1A59
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 005A1A6F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 005A1A8A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ee67843434d7e928af705ddd0a64508a2a2dc3e9ea9e024204bb041782362e57
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 07b6e891c4222dadf3eb1e875e80ef26dac7a889e26f2d539fdd883a94fe588a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee67843434d7e928af705ddd0a64508a2a2dc3e9ea9e024204bb041782362e57
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60113C3AD01219FFEB10DBA4CD85FADBB78FB04750F200092E601B7290D6716E50DB98
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 005AE1FD
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(?,?,?,?), ref: 005AE230
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 005AE246
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 005AE24D
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8693eb61325b81435707bf54b32052bd811057a1ee8bafd1292b5b879000fcff
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a7735108c5e67002c15b881a33e402b572d40b1c894b4f489c985097122219ae
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8693eb61325b81435707bf54b32052bd811057a1ee8bafd1292b5b879000fcff
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2011C876904259BBC7119BA8DC0ABDE7FADEF46310F048657F924D7291D6708904C7B0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,?,0056CFF9,00000000,00000004,00000000), ref: 0056D218
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0056D224
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0056D22B
                                                                                                                                                                                                                                                                                                                                                      • ResumeThread.KERNEL32(00000000), ref: 0056D249
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5555ec1d880ee81f8bde3ced0ac2f7a4f031de0d42b358821004e871be460ed9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 79ca92292d30d0eed35b557a8a7f37f947e37e517a728b0af1ff7cdcafc3cab9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5555ec1d880ee81f8bde3ced0ac2f7a4f031de0d42b358821004e871be460ed9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F701C03AE05205BBCB215BA5DC09AAA7F79FF82330F104A1AF925931D0DB718945D7B0
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0054604C
• GetStockObject.GDI32(00000011), ref: 00546060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0054606A
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00563B56
  • Part of subcall function 00563AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00563AD2
  • Part of subcall function 00563AA3: ___AdjustPointer.LIBCMT ref: 00563AED
• _UnwindNestedFrames.LIBCMT ref: 00563B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00563B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00563BA4
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,005413C6,00000000,00000000,?,0057301A,005413C6,00000000,00000000,00000000,?,0057328B,00000006,FlsSetValue), ref: 005730A5
• GetLastError.KERNEL32(?,0057301A,005413C6,00000000,00000000,00000000,?,0057328B,00000006,FlsSetValue,005E2290,FlsSetValue,00000000,00000364,?,00572E46), ref: 005730B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0057301A,005413C6,00000000,00000000,00000000,?,0057328B,00000006,FlsSetValue,005E2290,FlsSetValue,00000000), ref: 005730BF
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 005A747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 005A7497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 005A74AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 005A74CA
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3c49c1fcff60063e8bd3a24fe876927955defc155f0bb151573e8dbcee174342
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 90f3e8e75ac4acc0423728757b068c8f51200a538d89d4e7c5e19046d83f0f8b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c49c1fcff60063e8bd3a24fe876927955defc155f0bb151573e8dbcee174342
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7311A1B12063199FEB308F14DC08F967FFCFB09B00F10856AA626D6151D770E908EB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,005AACD3,?,00008000), ref: 005AB0C4
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,005AACD3,?,00008000), ref: 005AB0E9
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,005AACD3,?,00008000), ref: 005AB0F3
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,005AACD3,?,00008000), ref: 005AB126
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5e58d25c8d844ce4fa33c2d4bd8a7aba3bcf1290febebac94f6f7124a4ccb8d1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 941a68db561c3cd32a60229a7302d905d041ca1b148391ae5a9ca1fd3da971bd
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e58d25c8d844ce4fa33c2d4bd8a7aba3bcf1290febebac94f6f7124a4ccb8d1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF11AD30C0152DEBDF10AFE4E9686EEBF78FF5A311F004496D941B2182CB305650DB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 005A2DC5
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 005A2DD6
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 005A2DDD
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 005A2DE4
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c1a93b832c52590d1fe3c0cb0e1bcb7fb049be8def5accbd818c79eab7c45804
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cd42b9790d1ed951b2bac5ba4337804e20a572a9e09bf93b0cad420318ebb98e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1a93b832c52590d1fe3c0cb0e1bcb7fb049be8def5accbd818c79eab7c45804
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FE06DB11022257ADB301BAA9C0EEEB3F6CFF63BA1F000017B505D10819AA4C845D6B0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00559693
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559639: SelectObject.GDI32(?,00000000), ref: 005596A2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559639: BeginPath.GDI32(?), ref: 005596B9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00559639: SelectObject.GDI32(?,00000000), ref: 005596E2
                                                                                                                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 005D8887
                                                                                                                                                                                                                                                                                                                                                      • LineTo.GDI32(?,?,?), ref: 005D8894
                                                                                                                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 005D88A4
                                                                                                                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 005D88B2
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000008), ref: 005598CC
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 005598D6
                                                                                                                                                                                                                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 005598E9
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000005), ref: 005598F1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 005A1634
                                                                                                                                                                                                                                                                                                                                                      • OpenThreadToken.ADVAPI32(00000000,?,?,?,005A11D9), ref: 005A163B
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,005A11D9), ref: 005A1648
                                                                                                                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,005A11D9), ref: 005A164F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0059D858
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 0059D862
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0059D882
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 0059D8A3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0059D86C
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 0059D876
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0059D882
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 0059D8A3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: eb8cc53de7560bb1951d743b8ad11ead201981d58c4b63c2cc345ea3b3587d7d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: db0a04b3ae403f09a0f61e32d0fcd04f4cbece97d24a0725360a2d5846d457be
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb8cc53de7560bb1951d743b8ad11ead201981d58c4b63c2cc345ea3b3587d7d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6E09A75801206EFCB619FA4D80C66DBFB5FB58311B14844BE946E7350D7399909EF50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00547620: _wcslen.LIBCMT ref: 00547625
                                                                                                                                                                                                                                                                                                                                                      • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 005B4ED4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d3b1b77b42ef3a6e5facacd35a4b4db27816d49310285a8c9e14ebeb08386b51
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 78cf8f9e664c28d9fd286aa968ea2fa32832ca39b5c5b2d6422f0cb1ac86b22a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3b1b77b42ef3a6e5facacd35a4b4db27816d49310285a8c9e14ebeb08386b51
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9912A75A002559FCB24DF58C484EEABBB5BF48308F198099E80A9F362D735ED85CF91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(0059569E,00000000,?,005DCC08,?,00000000,00000000), ref: 005C78DD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00546B57: _wcslen.LIBCMT ref: 00546B6A
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(0059569E,00000000,?,005DCC08,00000000,?,00000000,00000000), ref: 005C783B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BuffCharUpper$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: <s`
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3544283678-2609942155
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1cf8552f4ccd21a75e48e2300598caa0f9bbc7352a52ea4b76ea58d158a3f999
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 64bfaf1564e70ad18a31ad88120ff6051ec54b58be7bef7c8e7143fe79d281cf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1cf8552f4ccd21a75e48e2300598caa0f9bbc7352a52ea4b76ea58d158a3f999
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B613B7291411AAECF04EFE4CC99EFDBB78FF58304F544529E642A7091EB305A09DBA0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bb0b3bdc106e4c9a587f72d04ac445a5817eeb12d852983d1de6364343f645d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b5b10583020eacc4d192303f27373a68517ada13d9ef87ce6211a44255e2c6d8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb0b3bdc106e4c9a587f72d04ac445a5817eeb12d852983d1de6364343f645d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8513239504286DFDF18DFA8C096AFA7FA8FF55310F244416EC919B2D0D6349E86CBA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 0055F2A2
                                                                                                                                                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?), ref: 0055F2BB
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6ea358916b28fcf1fb5e8b03165c18e2b1695565dcc68036b6d731c6ae5ebafb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fca8c21699fb5208d8d851dda3468c67ade60e4f5d901228d7c6f0ca593f9a6d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ea358916b28fcf1fb5e8b03165c18e2b1695565dcc68036b6d731c6ae5ebafb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30513771409749ABD320AF50DC8ABABBBF8FBD4304F81885DF1D941195EB318529CB6B
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 005C57E0
• _wcslen.LIBCMT ref: 005C57EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
• Opcode ID: 7d55e03fae351dafdfca0f2abcaf46a13070423576418072c9bb0e862373f984
• Instruction ID: 32973b5fd2ec78845939a81aab56083e07d7caa575d60e93fc0aafd56d36b0ad
• Opcode Fuzzy Hash: 7d55e03fae351dafdfca0f2abcaf46a13070423576418072c9bb0e862373f984
• Instruction Fuzzy Hash: 68417F31A0010A9FCB14DFE8C895DAEBFB5FF99354F24406EE505A7291E730AD81CBA0
APIs
• _wcslen.LIBCMT ref: 005BD130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 005BD13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 8178a989925a3a5214ea235191a096641ab5bf8f5747c3380da1ded7fcc4efa3
• Instruction ID: b4999b1e5ed4149369e218ef240260b2815f2aaeb2bb6b9018598b1de995448b
• Opcode Fuzzy Hash: 8178a989925a3a5214ea235191a096641ab5bf8f5747c3380da1ded7fcc4efa3
• Instruction Fuzzy Hash: 4D313E71D0120AABCF15EFA4CC89AEFBFB9FF45304F000019F815A6162E731AA56DB60
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 005D3621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 005D365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: 1c24cb6799de6746f309b255d5b9d303a5c188c35f8b67771559414af6af1552
• Instruction ID: f4df10babdbea4c351586ab83eb00b079a3bb3672af8298a808fecb6eadb1bb6
• Opcode Fuzzy Hash: 1c24cb6799de6746f309b255d5b9d303a5c188c35f8b67771559414af6af1552
• Instruction Fuzzy Hash: F531AB71100205AEDB20DF28DC80EFB7BA9FF88724F00961BF8A597280DA31ED81D761
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 005D461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 005D4634
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 005D327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 005D3287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
APIs
  • Part of subcall function 0054600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0054604C
  • Part of subcall function 0054600E: GetStockObject.GDI32(00000011), ref: 00546060
  • Part of subcall function 0054600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0054606A
• GetWindowRect.USER32(00000000,?), ref: 005D377A
• GetSysColor.USER32(00000012), ref: 005D3794
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 005BCD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 005BCDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 005D34AB
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 005D34BA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: edit
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?), ref: 005A6CB6
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005A6CC2
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 005A3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 005A1D4C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 005A3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 005A1C46
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 07f348230c09c4e885728619e7e6f45f730fc1a3c0d7e583a7e3e018ee981830
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 70eeccb424d1ef8cb3c190280d7a2a553fb3f237367f88f514ae16c6798771f1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07f348230c09c4e885728619e7e6f45f730fc1a3c0d7e583a7e3e018ee981830
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC01F775AC110566CB08EB90DE6A9FF7FA8BF52350F10001AB406672C2EA209E08C6B5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 005A3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000182,?,00000000), ref: 005A1CC8
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 25154e9af29de47790c055f7558f7eea09418e7c76451a683c1e34f009bd403f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 32f649ece2de4256919196249a5890091a39cb39ac561e37dbb722f63bbffb69
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 25154e9af29de47790c055f7558f7eea09418e7c76451a683c1e34f009bd403f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3701DB75A8111567CF14E794DE6BAFF7FA8BF52394F140015B80277281EA209F08C6B5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 0055A529
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ,%a$3yY
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2551934079-2205486753
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7835afd7dfb2cb47be8617c7bd4bb1e23abbe824ec87516073fd213cc5e784a6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3b2f4a69d90ba25302a1702af184e038e344650c11a1be0de798998c95a29f94
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7835afd7dfb2cb47be8617c7bd4bb1e23abbe824ec87516073fd213cc5e784a6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6701F73160061287CE10F7B8D87FEDE3F55BB85711F440626F902572C2EE506D458697
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00549CB3: _wcslen.LIBCMT ref: 00549CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 005A3CCA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 005A1DD3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1f70028c79a3061ce15014f916be6a04b86a28a2ac47609f1206babf63769eb5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 81149b8747cb7926af3c3f05e339c56540989940abe82d405bed588930d09aec
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f70028c79a3061ce15014f916be6a04b86a28a2ac47609f1206babf63769eb5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4EF0F471A8161666DB08F7A4DDAAAFF7F68BF42394F040915B822672C2DA605D0886A4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00613018,0061305C), ref: 005D81BF
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 005D81D1
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID: \0a
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 005A0B23
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00560D71,?,?,?,0054100A), ref: 0055F7CE
                                                                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,0054100A), ref: 00560D75
                                                                                                                                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0054100A), ref: 00560D84
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00560D7F
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9973506199829d35b63134187f29eda024a38d74e7683ce05b626a338f98b9cf
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e233821652006c3e664345cccb3e7556af2f7d9b6f7fe5e2bef25b96a9925231
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9973506199829d35b63134187f29eda024a38d74e7683ce05b626a338f98b9cf
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8E039742003028BD7709FA8E4082467FE4BB14745F048A2FE486C7695DBB1E4489B91
APIs
• __Init_thread_footer.LIBCMT ref: 0055E3D5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: 0%a$8%a
• API String ID: 1385522511-290635068
• Opcode ID: 24b2fbc60606ff664e7e9e28fe0d66661df28753dc94c244357cf14766af8846
• Instruction ID: c6d65abcb406bec8bd084d1b323cc13fe8cd14de75bc8548c344d7f636d5643d
• Opcode Fuzzy Hash: 24b2fbc60606ff664e7e9e28fe0d66661df28753dc94c244357cf14766af8846
• Instruction Fuzzy Hash: D0E02631400912CBC708DB18F9FAAC83B57BB45321B196967E802871D1DB3039858644
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 005B302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 005B3044
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: f76d16bbd0480ebbc5947c926e4e4d19f476bff4abf2c1e40c3b76f2d9d27dc0
• Instruction ID: 6688592a680e08baa71c3b4d337d36cf565b4776fbfa6f50ac06c81db8dbad8a
• Opcode Fuzzy Hash: f76d16bbd0480ebbc5947c926e4e4d19f476bff4abf2c1e40c3b76f2d9d27dc0
• Instruction Fuzzy Hash: 1ED05B7554131467DA30A7949C0DFC73F6CD714750F000293B695D20D1DAF09544CAD0
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 005D236C
• PostMessageW.USER32(00000000), ref: 005D2373
  • Part of subcall function 005AE97B: Sleep.KERNEL32 ref: 005AE9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 8a08d4d8da4b48ecd5b736ae735a54ec814cf8ebcea37bfd93c1b373d85b974c
• Instruction ID: c91cd9f241be8ceb78c99045e3e0aa0eb36e01b53dbcfd89bacba101d8f6821a
• Opcode Fuzzy Hash: 8a08d4d8da4b48ecd5b736ae735a54ec814cf8ebcea37bfd93c1b373d85b974c
• Instruction Fuzzy Hash: A3D0C9323C2311BAEA78A770EC0FFCB7A59AB55B10F0149177645AA1D0C9A0A805CA54
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 005D232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 005D233F
  • Part of subcall function 005AE97B: Sleep.KERNEL32 ref: 005AE9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2222882982.0000000000541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
• Associated: 00000000.00000002.2222802434.0000000000540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.00000000005DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223073258.0000000000602000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223248640.000000000060C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2223639724.0000000000614000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_540000_kjDPynh9vQ.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cf0724b040178624dd78a688fb20a17feeaf02c90820002b7c8bb1c35f5d218a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3bfead5a3c7040dc7353a4d23a1d7204553a1dc3613d3f03cd4b4f97dcec1c1f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf0724b040178624dd78a688fb20a17feeaf02c90820002b7c8bb1c35f5d218a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7DD0C936395311BAEA78A770EC0FFCB7E59AB51B10F0149177645AA1D0C9A0A805CA54